64,661
社区成员
发帖
与我相关
我的任务
分享dump文件解析,求助
Loading Dump File [D:\Work\SVNRUN\ServerRelease\DUMP20150812131851285.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*d:/symbolslocal*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Debug session time: Wed Aug 12 13:18:51.000 2015 (UTC + 8:00)
System Uptime: not available
Process Uptime: 0 days 0:17:20.000
................................................................
.....
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(4b4.7cc): Access violation - code c0000005 (first/second chance not available)
ntdll!ZwGetContextThread+0xa:
00000000`77a91f8a c3 ret
0:004> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
Unable to load image D:\ServerRelease\Server2010.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Server2010.exe
Unable to load image D:\ServerRelease\msvcp100.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for msvcp100.dll
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/Server2010_exe/0_0_0_0/55cab1a7/ntdll_dll/6_1_7601_18247/521eaf24/c0000005/00053290.htm?Retriage=1
FAULTING_IP:
ntdll!RtlFreeHeap+d0
00000000`77a93290 4c8b6308 mov r12,qword ptr [rbx+8]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077a93290 (ntdll!RtlFreeHeap+0x00000000000000d0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000b4582f38c48
Attempt to read from address 00000b4582f38c48
PROCESS_NAME: Server2010.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000b4582f38c48
READ_ADDRESS: 00000b4582f38c48
FOLLOWUP_IP:
ntdll!RtlFreeHeap+d0
00000000`77a93290 4c8b6308 mov r12,qword ptr [rbx+8]
MOD_LIST: <ANALYSIS/>
LAST_CONTROL_TRANSFER: from 0000000077941a4a to 0000000077a93290
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
FAULTING_THREAD: ffffffffffffffff
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
DEFAULT_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
STACK_TEXT:
00000000`00000000 00000000`00000000 unknown!unknown+0x0
SYMBOL_NAME: unknown!unknown
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: unknown
IMAGE_NAME: unknown
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff_c0000005_unknown!Unloaded
BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff_unknown!unknown
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Server2010_exe/0_0_0_0/55cab1a7/ntdll_dll/6_1_7601_18247/521eaf24/c0000005/00053290.htm?Retriage=1
Followup: MachineOwner
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*d:/symbolslocal*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Debug session time: Wed Aug 12 13:18:51.000 2015 (UTC + 8:00)
System Uptime: not available
Process Uptime: 0 days 0:17:20.000
................................................................
.....
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(4b4.7cc): Access violation - code c0000005 (first/second chance not available)
ntdll!ZwGetContextThread+0xa:
00000000`77a91f8a c3 ret
0:004> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
Unable to load image D:\ServerRelease\Server2010.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Server2010.exe
Unable to load image D:\ServerRelease\msvcp100.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for msvcp100.dll
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/Server2010_exe/0_0_0_0/55cab1a7/ntdll_dll/6_1_7601_18247/521eaf24/c0000005/00053290.htm?Retriage=1
FAULTING_IP:
ntdll!RtlFreeHeap+d0
00000000`77a93290 4c8b6308 mov r12,qword ptr [rbx+8]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000077a93290 (ntdll!RtlFreeHeap+0x00000000000000d0)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000b4582f38c48
Attempt to read from address 00000b4582f38c48
PROCESS_NAME: Server2010.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000b4582f38c48
READ_ADDRESS: 00000b4582f38c48
FOLLOWUP_IP:
ntdll!RtlFreeHeap+d0
00000000`77a93290 4c8b6308 mov r12,qword ptr [rbx+8]
MOD_LIST: <ANALYSIS/>
LAST_CONTROL_TRANSFER: from 0000000077941a4a to 0000000077a93290
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
FAULTING_THREAD: ffffffffffffffff
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
DEFAULT_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff
STACK_TEXT:
00000000`00000000 00000000`00000000 unknown!unknown+0x0
SYMBOL_NAME: unknown!unknown
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: unknown
IMAGE_NAME: unknown
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_FILL_PATTERN_ffffffff_c0000005_unknown!Unloaded
BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_READ_FILL_PATTERN_ffffffff_unknown!unknown
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Server2010_exe/0_0_0_0/55cab1a7/ntdll_dll/6_1_7601_18247/521eaf24/c0000005/00053290.htm?Retriage=1
Followup: MachineOwner
...全文
请发表友善的回复…
发表回复
dvlinker 2016-10-27
- 打赏
- 举报
拿到pdb文件后,分析异常时的函数调用堆栈应该能看到有用的信息!!!
fly_dragon_fly 2015-08-12
- 打赏
- 举报
Server2010.exe是自己的程序吗,是的话生成map文件来找
赵4老师 2015-08-12
- 打赏
- 举报
有时不将“调用函数名字+各参数值,进入函数后各参数值,中间变量值,退出函数前准备返回的值,返回函数到调用处后函数名字+各参数值+返回值”这些信息写日志到文件中是无论如何也发现不了问题在哪里的,包括捕获各种异常、写日志到屏幕、单步或设断点或生成core文件、……这些方法都不行! 写日志到文件参考下面:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32
#include <windows.h>
#include <io.h>
#else
#include <unistd.h>
#include <sys/time.h>
#include <pthread.h>
#define CRITICAL_SECTION pthread_mutex_t
#define _vsnprintf vsnprintf
#endif
//Log{
#define MAXLOGSIZE 20000000
#define MAXLINSIZE 16000
#include <time.h>
#include <sys/timeb.h>
#include <stdarg.h>
char logfilename1[]="MyLog1.log";
char logfilename2[]="MyLog2.log";
static char logstr[MAXLINSIZE+1];
char datestr[16];
char timestr[16];
char mss[4];
CRITICAL_SECTION cs_log;
FILE *flog;
#ifdef WIN32
void Lock(CRITICAL_SECTION *l) {
EnterCriticalSection(l);
}
void Unlock(CRITICAL_SECTION *l) {
LeaveCriticalSection(l);
}
#else
void Lock(CRITICAL_SECTION *l) {
pthread_mutex_lock(l);
}
void Unlock(CRITICAL_SECTION *l) {
pthread_mutex_unlock(l);
}
#endif
void LogV(const char *pszFmt,va_list argp) {
struct tm *now;
struct timeb tb;
if (NULL==pszFmt||0==pszFmt[0]) return;
_vsnprintf(logstr,MAXLINSIZE,pszFmt,argp);
ftime(&tb);
now=localtime(&tb.time);
sprintf(datestr,"%04d-%02d-%02d",now->tm_year+1900,now->tm_mon+1,now->tm_mday);
sprintf(timestr,"%02d:%02d:%02d",now->tm_hour ,now->tm_min ,now->tm_sec );
sprintf(mss,"%03d",tb.millitm);
printf("%s %s.%s %s",datestr,timestr,mss,logstr);
flog=fopen(logfilename1,"a");
if (NULL!=flog) {
fprintf(flog,"%s %s.%s %s",datestr,timestr,mss,logstr);
if (ftell(flog)>MAXLOGSIZE) {
fclose(flog);
if (rename(logfilename1,logfilename2)) {
remove(logfilename2);
rename(logfilename1,logfilename2);
}
} else {
fclose(flog);
}
}
}
void Log(const char *pszFmt,...) {
va_list argp;
Lock(&cs_log);
va_start(argp,pszFmt);
LogV(pszFmt,argp);
va_end(argp);
Unlock(&cs_log);
}
//Log}
int main(int argc,char * argv[]) {
int i;
#ifdef WIN32
InitializeCriticalSection(&cs_log);
#else
pthread_mutex_init(&cs_log,NULL);
#endif
for (i=0;i<10000;i++) {
Log("This is a Log %04d from FILE:%s LINE:%d\n",i, __FILE__, __LINE__);
}
#ifdef WIN32
DeleteCriticalSection(&cs_log);
#else
pthread_mutex_destroy(&cs_log);
#endif
return 0;
}
//1-78行添加到你带main的.c或.cpp的那个文件的最前面
//81-85行添加到你的main函数开头
//89-93行添加到你的main函数结束前
//在要写LOG的地方仿照第87行的写法写LOG到文件MyLog1.log中
linjiagao052 2015-08-12
- 打赏
- 举报
有两种方式可以解决:
1、附加上程序的pdb符号文件,分析dump文件,查看最后堆栈,能定位到具体行。
2、把windbg设置成默认调试器,程序崩溃的时候,直接调试(如果方便,可以直接把代码和符号载入,下断点跟踪)。
不过,就算定位到具体出问题的行,得到出问题的地方调用的参数等信息,还是需要自己去分析真实的原因。Good Luck!
柒-步 2015-08-12
- 打赏
- 举报
Defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll -
ntdll!DbgBreakPoint:
我是在64位机上跑的,我附加后程序去读了这个目录下的ntdll.dll,而不是C:\Windows\SysWOW64
这个目录下的ntdll.dll
柒-步 2015-08-12
- 打赏
- 举报
我是新手,请教怎么把pdb对应起来。我现在也去查查看
柒-步 2015-08-12
- 打赏
- 举报
我是新手,请教怎么把pdb对应起来。我现在也去查查看
勤奋的小游侠 2015-08-12
- 打赏
- 举报
单一个dump文件很难道解析。
看看有没有办法将dump文件和pdb符号表对应起来找,找出出错的代码行
柒-步 2015-08-12
- 打赏
- 举报
那有什么建议,我进一步排查吗?
mujiok2003 2015-08-12
- 打赏
- 举报
ntdll!RtlFreeHeap+d0 内存释放的时候乎出问题了。原因可能有很多。
