Crash Analysis with WinDbg

Posted on 2022-8-31 10:59:56
This post was last edited by Qter on 2024-2-22 18:41

D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release

!analyze -v

https://zhuanlan.zhihu.com/p/43972006
Download: get the official version
Download Debugging Tools for Windows - WinDbg - Windows drivers: docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools

Configuration

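1. Using a dump file to locate the crash
First, open the dump file.
Enter !analyze -v (originally written as !anaylze -v; thanks to 尚逸 for pointing it out) to view the data.
It turns out nothing is shown.
Enter ~*kbn to list all threads.
Then search upward for KERNELBASE!UnhandledExceptionFilter+0x25a; this is an unhandled exception.
Copy the third parameter, 00b8d9d0.
Enter dd 00b8d9d0
Then enter .exr 00b8db60 (the second parameter), and view the context with .cxr 00b8dbb0 (the third parameter).
Then kbn
Now you see code you are familiar with.
Double-click the crash location; it does not jump there.
Open the call stack.
Double-click the crash location.
The jump to the code succeeds.
Open Locals.
Look at the data from just before the crash.
Here you can find where the error is and what caused the problem.
2. Debugging a running program. In some cases the PDB does not match the current version (some code was modified in VS, or VS is misbehaving) and VS cannot attach to the process, but the bug is intermittent, and when it finally shows up you must not destroy the scene. In that case you can attach WinDbg directly to the process and debug the program.

Attach to the process.
The program pauses at this point.
Open the cpp file.
Click the small icons at the top to open windows such as the call stack.
Select the code you want to debug and press F9 to add a breakpoint, the same as in VS.

Adding a breakpoint
Press F5 or enter g to continue running.

The breakpoint is hit.
All the data of the running program is now visible.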


Original poster | Posted on 2022-8-31 11:17:28

Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Backup\我的文档\Tencent Files\254452118\FileRecv\crashlogs (3)\crashlogs\6de356ec-1e38-4cdc-92ab-c8a495de857f\crashdump.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Version 18363 MP (6 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.18362.329 (WinBuild.160101.0800)
Machine Name:
Debug session time: Wed Aug 31 03:47:35.000 2022 (UTC + 8:00)
System Uptime: not available
Process Uptime: 0 days 3:15:10.000
................................................................
................................................................
................................................................
..........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(12a84.117d4): Unknown exception - code 00000000 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=000003e8
eip=77ab1e3c esp=0737f1f8 ebp=0737f268 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
ntdll!NtWaitForSingleObject+0xc:
77ab1e3c c20c00          ret     0Ch
Error: Change all symbol paths attempts to access 'D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release' failed: 0x7b - 文件名、目录名或卷标语法不正确。

************* Path validation summary **************
Response                         Time (ms)     Location
Error                                          D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
0:013> .reload
..*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
..............................................................
................................................................
................................................................
..........
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for KERNELBASE.dll -

************* Symbol Loading Error Summary **************
Module name            Error
ntdll                  The system cannot find the file specified
KERNELBASE             The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
0:013> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that     ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: $ntdllsym!_CONTEXT                            ***
***                                                                   ***
*************************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ucrtbase.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for log4cpp.dll -
*** WARNING: Unable to verify timestamp for mCloud.exe
*** ERROR: Module load completed but symbols could not be loaded for mCloud.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Qt5Core.dll -
*** WARNING: Unable to verify timestamp for cloud.dll
*** ERROR: Module load completed but symbols could not be loaded for cloud.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll -
***** OS symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ole32.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for combase.dll -
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that     ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_CONTEXT                                   ***
***                                                                   ***
*************************************************************************

KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
eax=0737f228 ebx=00000000 ecx=00000000 edx=049f43b8 esi=642e4610 edi=049f43b8
eip=642e3842 esp=0737f4fc ebp=0737f878 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
CrashRpt_r!Ordinal10+0x3842:
642e3842 8b4508          mov     eax,dword ptr [ebp+8] ss:002b:0737f880=0737f884
Resetting default scope

FAULTING_IP:
CrashRpt_r!Ordinal10+3842
642e3842 8b4508          mov     eax,dword ptr [ebp+8]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 642e3842 (CrashRpt_r!Ordinal10+0x00003842)
   ExceptionCode: 00000000
  ExceptionFlags: 00000000
NumberParameters: 0

WRONG_SYMBOLS_TIMESTAMP: 3dcfaabb

WRONG_SYMBOLS_SIZE: 19a000

FAULTING_MODULE: 77a40000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  3dcfaabb

ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

ANALYSIS_SESSION_HOST:  CY-202010141JOS

ANALYSIS_SESSION_TIME:  08-31-2022 11:16:35.0154

ANALYSIS_VERSION: 10.0.17763.132 x86fre

STACK_TEXT:
0737f4fc 642e3842 CrashRpt_r!Ordinal10+0x3842
0737f880 642e4683 CrashRpt_r!Ordinal10+0x4683
0737f8bc 759aca3d ucrtbase!get_thread_local_invalid_parameter_handler+0x1dd
0737f934 5baad3d0 log4cpp!log4cpp::FileAppender::_append+0x40
0737f96c 5babb59e log4cpp!log4cpp::RollingFileAppender::_append+0xe
0737f97c 5baa5053 log4cpp!log4cpp::AppenderSkeleton::doAppend+0x33
0737f990 5baaa640 log4cpp!log4cpp::Category::callAppenders+0x30
0737f9a8 5baaa2dd log4cpp!log4cpp::Category::_logUnconditionally2+0x3d
0737fa2c 5baaa333 log4cpp!log4cpp::Category::_logUnconditionally+0x33
0737fa60 5baaa7dc log4cpp!log4cpp::Category::crit+0x2c
0737fa78 010738a7 mCloud+0x738a7
0737faa4 590ee045 Qt5Core!qt_message_output+0x165
0737fadc 590edef3 Qt5Core!qt_message_output+0x13
0737fb20 5a41f7f3 cloud+0x14f7f3
0737fcc0 5a4200e2 cloud+0x1500e2
0737fe48 5a41e0ca cloud+0x14e0ca
0737fe54 590f70c8 Qt5Core!QThreadPoolPrivate::reset+0x1a8
0737feac 590f397c Qt5Core!QThread::start+0x31c
0737fed0 76646359 kernel32!BaseThreadInitThunk+0x19
0737fee0 77aa7c14 ntdll!RtlGetAppContainerNamedObjectPath+0xe4
0737ff3c 77aa7be4 ntdll!RtlGetAppContainerNamedObjectPath+0xb4


THREAD_SHA1_HASH_MOD_FUNC:  0656e6cd7b900dce72263212cadce02ceba0688f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  abd1bc3fa942986f8e3a974a7ab793f393427bb3

THREAD_SHA1_HASH_MOD:  237449150da3ad0618a4e5609051d68d97612dcf

FOLLOWUP_IP:
CrashRpt_r!Ordinal10+3842
642e3842 8b4508          mov     eax,dword ptr [ebp+8]

FAULT_INSTR_CODE:  8d08458b

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

STACK_COMMAND:  .ecxr ; kb ; ** Pseudo Context ** Pseudo ** Value: 148f6550 ** ; kb

BUGCHECK_STR:  3DCFAABB

EXCEPTION_CODE: (NTSTATUS) 0x3dcfaabb - <Unable to get error code text>

EXCEPTION_CODE_STR:  3DCFAABB

EXCEPTION_STR:  WRONG_SYMBOLS

PROCESS_NAME:  ntdll.wrong.symbols.dll

IMAGE_NAME:  ntdll.wrong.symbols.dll

MODULE_NAME: ntdll_wrong_symbols

SYMBOL_NAME:  ntdll_wrong_symbols!3DCFAABB19A000

BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355_3DCFAABB_ntdll.wrong.symbols.dll!3DCFAABB19A000

FAILURE_EXCEPTION_CODE:  3DCFAABB

FAILURE_IMAGE_NAME:  ntdll.wrong.symbols.dll

BUCKET_ID_IMAGE_STR:  ntdll.wrong.symbols.dll

FAILURE_MODULE_NAME:  ntdll_wrong_symbols

BUCKET_ID_MODULE_STR:  ntdll_wrong_symbols

FAILURE_FUNCTION_NAME:  3DCFAABB19A000

BUCKET_ID_FUNCTION_STR:  3DCFAABB19A000

BUCKET_ID_OFFSET:  0

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  0

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355

FAILURE_PROBLEM_CLASS:  WRONG_SYMBOLS

FAILURE_SYMBOL_NAME:  ntdll.wrong.symbols.dll!3DCFAABB19A000

TARGET_TIME:  2022-08-30T19:47:35.000Z

OSBUILD:  18363

OSSERVICEPACK:  778

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  256

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

OS_LOCALE:

USER_LCID:  0

OSBUILD_TIMESTAMP:  1982-04-09 08:25:11

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.18362.329

ANALYSIS_SESSION_ELAPSED_TIME:  15c

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:wrong_symbols_x86_10.0.18362.329_(winbuild.160101.0800)_timestamp_021111-130355_3dcfaabb_ntdll.wrong.symbols.dll!3dcfaabb19a000

FAILURE_ID_HASH:  {78ced7a0-5a1c-f23b-6dc7-e64309912087}

Followup:     MachineOwner
---------

Original poster | Posted on 2022-8-31 11:00:27

Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\问题\libcef\60f70e3a-f32c-4e4c-b34e-85e2e6bc31a8\crashdump.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Error: Change all symbol paths attempts to access 'D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release' failed: 0x7b - 文件名、目录名或卷标语法不正确。

************* Path validation summary **************
Response                         Time (ms)     Location
Error                                          D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
Symbol search path is: D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
Executable search path is:
Windows 10 Version 18362 MP (12 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.18362.1110 (WinBuild.160101.0800)
Machine Name:
Debug session time: Tue Aug 23 17:31:21.000 2022 (UTC + 8:00)
System Uptime: not available
Process Uptime: 3 days 3:37:23.000
................................................................
................................................................
.........................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(42b4.1e54): Unknown exception - code e0000008 (first/second chance not available)
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
Unable to load image C:\Windows\System32\KERNELBASE.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for KERNELBASE.dll
*** ERROR: Module load completed but symbols could not be loaded for KERNELBASE.dll
eax=00000000 ebx=129de91c ecx=00000000 edx=00000000 esi=00000000 edi=00000408
eip=77c52f3c esp=129de0e0 ebp=129de150 iopl=0         nv up ei pl nz ac po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000212
ntdll+0x72f3c:
77c52f3c c20c00          ret     0Ch
0:047> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that     ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: $ntdllsym!_CONTEXT                            ***
***                                                                   ***
*************************************************************************
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
***** OS symbols are WRONG. Please fix symbols to do analysis.

Unable to load image C:\Windows\System32\ole32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ole32.dll
*** ERROR: Module load completed but symbols could not be loaded for ole32.dll
Unable to load image C:\Windows\System32\combase.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for combase.dll
*** ERROR: Module load completed but symbols could not be loaded for combase.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CrashRpt_r.dll -
*** WARNING: Unable to verify timestamp for SogouPY.ime
*** ERROR: Module load completed but symbols could not be loaded for SogouPY.ime
*** WARNING: Unable to verify timestamp for PicFace.dll
*** ERROR: Module load completed but symbols could not be loaded for PicFace.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that     ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_CONTEXT                                   ***
***                                                                   ***
*************************************************************************

KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
eax=129def88 ebx=00000170 ecx=00000001 edx=00000000 esi=00000000 edi=6933802c
eip=75ba46d2 esp=129def88 ebp=129defe4 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
KERNELBASE+0x1146d2:
75ba46d2 8b4c2454        mov     ecx,dword ptr [esp+54h] ss:002b:129defdc=b8f7255a
Resetting default scope

FAULTING_IP:
KERNELBASE+1146d2
75ba46d2 8b4c2454        mov     ecx,dword ptr [esp+54h]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 75ba46d2 (KERNELBASE+0x001146d2)
   ExceptionCode: e0000008
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 00000170

BUGCHECK_STR:  E94AEEF6

WRONG_SYMBOLS_TIMESTAMP: e94aeef6

WRONG_SYMBOLS_SIZE: 19a000

FAULTING_MODULE: 77be0000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  e94aeef6

ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

ANALYSIS_SESSION_HOST:  CY-202010141JOS

ANALYSIS_SESSION_TIME:  08-31-2022 10:56:05.0916

ANALYSIS_VERSION: 10.0.17763.132 x86fre

STACK_TEXT:
129def88 75ba46d2 KERNELBASE+0x1146d2
129defec 65a74cfd libcef!cef_string_utf16_to_upper+0x426fd
129df008 664c1511 libcef!cef_time_delta+0x23e16
129df014 65abb104 libcef!cef_string_utf16_to_upper+0x88b04
129df02c 65a5d31e libcef!cef_string_utf16_to_upper+0x2ad1e
129df03c 6472e6d4 libcef!cef_string_multimap_size+0x3fdc0b
129df05c 64741dce libcef!cef_string_multimap_size+0x411305
129df090 64730fe8 libcef!cef_string_multimap_size+0x40051f
129df264 6473629e libcef!cef_string_multimap_size+0x4057d5
129df288 65af1af1 libcef!cef_string_utf16_to_upper+0xbf4f1
129df2c4 640cfcad libcef!cef_zip_reader_create+0x27f19
129df2d8 64425db3 libcef!cef_string_multimap_size+0xf52ea
129df334 646368ca libcef!cef_string_multimap_size+0x305e01
129df3d8 65e34eb1 libcef!cef_string_utf16_to_upper+0x4028b1
129df46c 65d882de libcef!cef_string_utf16_to_upper+0x355cde
129df4e8 65d884c8 libcef!cef_string_utf16_to_upper+0x355ec8
129df570 65d8a4b7 libcef!cef_string_utf16_to_upper+0x357eb7
129df590 648ad33b libcef!cef_string_multimap_size+0x57c872
129df5ac 65a87aa7 libcef!cef_string_utf16_to_upper+0x554a7
129df618 664d9895 libcef!cef_time_delta+0x3c19a
129df6ec 664d9630 libcef!cef_time_delta+0x3bf35
129df74c 664c7438 libcef!cef_time_delta+0x29d3d
129df78c 664da06a libcef!cef_time_delta+0x3c96f
129df7b4 65a764f6 libcef!cef_string_utf16_to_upper+0x43ef6
129df804 65a7636f libcef!cef_string_utf16_to_upper+0x43d6f
129df814 65a9592b libcef!cef_string_utf16_to_upper+0x6332b
129df81c 65a95a93 libcef!cef_string_utf16_to_upper+0x63493
129df868 65a93d75 libcef!cef_string_utf16_to_upper+0x61775
129df88c 75f86359 kernel32+0x16359
129df89c 77c48944 ntdll+0x68944
129df8f8 77c48914 ntdll+0x68914


THREAD_SHA1_HASH_MOD_FUNC:  c3ed4354ce909c6ff0339885e25cf45198b1767a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  a5bed8ebe0fcb2ddbff57df9a5982ba1aac112c8

THREAD_SHA1_HASH_MOD:  f948376e29c6ced390fd2053430ccfa5ea9a3883

FOLLOWUP_IP:
KERNELBASE+1146d2
75ba46d2 8b4c2454        mov     ecx,dword ptr [esp+54h]

FAULT_INSTR_CODE:  54244c8b

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

STACK_COMMAND:  .ecxr ; kb ; ** Pseudo Context ** Pseudo ** Value: 11f9c5d8 ** ; kb

EXCEPTION_CODE: (NTSTATUS) 0xe94aeef6 - <Unable to get error code text>

EXCEPTION_CODE_STR:  E94AEEF6

EXCEPTION_STR:  WRONG_SYMBOLS

PROCESS_NAME:  ntdll.wrong.symbols.dll

IMAGE_NAME:  ntdll.wrong.symbols.dll

MODULE_NAME: ntdll_wrong_symbols

SYMBOL_NAME:  ntdll_wrong_symbols!E94AEEF619A000

BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

FAILURE_EXCEPTION_CODE:  E94AEEF6

FAILURE_IMAGE_NAME:  ntdll.wrong.symbols.dll

BUCKET_ID_IMAGE_STR:  ntdll.wrong.symbols.dll

FAILURE_MODULE_NAME:  ntdll_wrong_symbols

BUCKET_ID_MODULE_STR:  ntdll_wrong_symbols

FAILURE_FUNCTION_NAME:  E94AEEF619A000

BUCKET_ID_FUNCTION_STR:  E94AEEF619A000

BUCKET_ID_OFFSET:  0

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  0

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926

FAILURE_PROBLEM_CLASS:  WRONG_SYMBOLS

FAILURE_SYMBOL_NAME:  ntdll.wrong.symbols.dll!E94AEEF619A000

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926_E94AEEF6_ntdll.wrong.symbols.dll!E94AEEF619A000

TARGET_TIME:  2022-08-23T09:31:21.000Z

OSBUILD:  18362

OSSERVICEPACK:  1110

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  256

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

OS_LOCALE:

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-09-12 07:43:03

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.18362.1110

ANALYSIS_SESSION_ELAPSED_TIME:  b7

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:wrong_symbols_x86_10.0.18362.1110_(winbuild.160101.0800)_timestamp_940110-224926_e94aeef6_ntdll.wrong.symbols.dll!e94aeef619a000

FAILURE_ID_HASH:  {ff4692e3-d0ff-92f5-0605-0bb0d3e3994d}

Followup:     MachineOwner
---------

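Added example, not part of the original posts: a Python sketch that reads `!analyze -v` text like the two logs in this thread, checks the rejected symbol path for a `:` used where WinDbg expects `;` between directories, and marks how far each `STACK_TEXT` frame name can be trusted. The function names and the `MAX_PLAUSIBLE_OFFSET` threshold are assumptions made for this example.

```python
import re

# Sample input: hand-trimmed excerpt of the first !analyze -v log in this thread.
SAMPLE_LOG = r"""
Error: Change all symbol paths attempts to access 'D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release' failed: 0x7b
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ucrtbase.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for log4cpp.dll -
*** ERROR: Module load completed but symbols could not be loaded for mCloud.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Qt5Core.dll -
*** ERROR: Module load completed but symbols could not be loaded for cloud.dll
STACK_TEXT:
0737f4fc 642e3842 CrashRpt_r!Ordinal10+0x3842
0737f8bc 759aca3d ucrtbase!get_thread_local_invalid_parameter_handler+0x1dd
0737f934 5baad3d0 log4cpp!log4cpp::FileAppender::_append+0x40
0737fa78 010738a7 mCloud+0x738a7
0737faa4 590ee045 Qt5Core!qt_message_output+0x165
0737fb20 5a41f7f3 cloud+0x14f7f3

THREAD_SHA1_HASH_MOD_FUNC:  0656e6cd7b900dce72263212cadce02ceba0688f
"""

# Assumption: a function+offset beyond this is more likely "nearest export"
# than the real function. Heuristic threshold; tune it for your binaries.
MAX_PLAUSIBLE_OFFSET = 0x2000

BAD_PATH = re.compile(r"attempts to access '([^']+)' failed")
SYM_ERROR = re.compile(r"(Defaulted to export symbols|symbols could not be loaded) for (\S+)")
FRAME = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\w+)(?:!(.+))?\+0x([0-9a-f]+)$")


def check_sympath(path):
    """WinDbg separates symbol path elements with ';'. A ':' directly followed
    by a drive spec means two directories were glued into one invalid name."""
    fixed = re.sub(r":(?=[A-Za-z]:\\)", ";", path)
    return {"ok": fixed == path, "elements": fixed.split(";")}


def parse_log(log):
    """Collect the rejected symbol path, per-module symbol errors and stack frames."""
    bad_path, sym_errors, frames, in_stack = None, {}, [], False
    for raw in log.splitlines():
        # Forum code blocks prefix every line with "12. "; drop that if present.
        line = re.sub(r"^\d+\.\s+", "", raw.strip())
        if (m := BAD_PATH.search(line)):
            bad_path = m.group(1)
        elif (m := SYM_ERROR.search(line)):
            kind = "export-only" if m.group(1).startswith("Defaulted") else "no-symbols"
            sym_errors[m.group(2).rsplit(".", 1)[0]] = kind
        elif line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and (m := FRAME.match(line)):
            frames.append({"module": m.group(3), "func": m.group(4),
                           "offset": int(m.group(5), 16)})
        elif in_stack and line:
            in_stack = False  # first non-frame, non-blank line ends the stack block
    return bad_path, sym_errors, frames


def verdict(frame, sym_errors):
    """Say how far the symbol name in one frame can be trusted."""
    if frame["func"] is None:
        return "no-symbols"        # only module+offset is known
    if sym_errors.get(frame["module"]) == "export-only":
        return "export-only"       # name is the nearest export, maybe not the real function
    if frame["offset"] > MAX_PLAUSIBLE_OFFSET:
        return "suspect-offset"    # offset too large to sit inside the named function
    return "ok"


def triage(log):
    bad_path, sym_errors, frames = parse_log(log)
    return {
        "sympath": check_sympath(bad_path) if bad_path else None,
        "frames": [(f["module"], f["func"], hex(f["offset"]), verdict(f, sym_errors))
                   for f in frames],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("symbol path ok:", report["sympath"]["ok"])
    for element in report["sympath"]["elements"]:
        print("  element:", element)
    for module, func, offset, state in report["frames"]:
        print(f"{state:15} {module}!{func or '?'}+{offset}")
```

The elements it prints are the directories to join with `;` in `.sympath` before running `.reload`, which is the step the logs themselves point to.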
