How to find the code executing at a specified offset in ucrtbase.dll

Problem description

See this comment: Windows c++ service faulting on ucrtbase.dll when starting

(Duplicated from the Post)

The information provided there is useful from a debugging perspective (well academically useful, it's not the runtime's fault that an overflow has occurred, he's just the unlucky guy to report it), how was this user able to determine this?

I realize that some of the code to the C Language Runtime is provided but how do you transition from the offset to the source file?

I have a similar issue I am trying to track down here:

Fault Module Name:  ucrtbase.dll
Fault Module Version:   10.0.14393.2097
Fault Module Timestamp: 5a820a13
Exception Offset:   000000000006eabe
Exception Code: c0000409

I am looking for the code at ucrtbase + 6eade

Solution

It is possible to know the line where an application faulted even if it was not running under a debugger or a memory dump is not available. It probably won’t tell you why it failed, but it will give you at least a point where to start investigating.

After the application failed, look at the Windows Event Logs for an entry like this:

Load the module that faulted using windbg.exe -z c:\yourmodule.dll (make sure you have symbols!)

List the modules loaded (yourmodule.dll in this case)

0:000> lm
start             end                 module name
00000000`00300000 00000000`00425000   yourmodule    (private pdb symbols)  c:\yourmodule.pdb

Find the line where it crashed by adding the 'fault offset' reported in the event viewer to the 'start' address of your module

0:000> ln 300000+5100e
c:\sources\myclass.cpp(130)+0x14

If your symbols don’t match exactly the module that is in production, you can try in windbg the command ‘.symopt +0x40’; it will make it less restrictive.
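The offset arithmetic from the answer above, as an added example that is not part of the original post: it parses the fault fields, checks that the offset really falls inside the module listed by `lm`, and builds the `ln` command. The fault fields are the ones quoted in the question; the `lm` line for ucrtbase, including its base address, is constructed for illustration, and the function names are hypothetical.

```python
import re

# Fault fields as quoted in the question (embedded so the script runs offline).
FAULT_REPORT = """\
Fault Module Name:  ucrtbase.dll
Fault Module Version:   10.0.14393.2097
Fault Module Timestamp: 5a820a13
Exception Offset:   000000000006eabe
Exception Code: c0000409
"""
# Constructed `lm` line in the layout shown in the answer; addresses are made up.
LM_LINE = "00007ffa`1c2d0000 00007ffa`1c3c4000   ucrtbase   (pdb symbols)  c:\\symbols\\ucrtbase.pdb"

# Two well-known NTSTATUS values; any other code is reported as hex only.
NTSTATUS = {0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
            0xC0000005: "STATUS_ACCESS_VIOLATION"}

def parse_fault(text):
    """Return the 'Key: value' fields of a fault report as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def parse_lm(line):
    """Return (start, end, name) from one `lm` module line."""
    m = re.match(r"\s*([0-9a-fA-F`]+)\s+([0-9a-fA-F`]+)\s+(\S+)", line)
    if not m:
        raise ValueError("not an lm module line: %r" % line)
    start, end = (int(x.replace("`", ""), 16) for x in m.group(1, 2))
    return start, end, m.group(3)

def ln_command(fields, lm_line):
    """Build `ln start+offset`, refusing a mismatched module or range."""
    start, end, name = parse_lm(lm_line)
    if name.lower() != fields["Fault Module Name"].rsplit(".", 1)[0].lower():
        raise ValueError("lm line is for %s, not the faulting module" % name)
    offset = int(fields["Exception Offset"], 16)
    if start + offset >= end:
        raise ValueError("offset %#x is outside %s (wrong version?)" % (offset, name))
    return "ln %x+%x" % (start, offset)

def describe_code(fields):
    """Name the exception code if it is one of the values listed above."""
    code = int(fields["Exception Code"], 16)
    return "%s (0x%08X)" % (NTSTATUS.get(code, "unknown NTSTATUS"), code)
```

The range check catches the common mistake of resolving an offset against a different build of the module than the one that crashed, which would otherwise produce a plausible but wrong source line.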


09-06 06:20