1. ホーム
  2. 質問と答え
  3. ntdllの最初のチャンス例外0XC0000005 Windbg

ntdllの最初のチャンス例外0XC0000005 Windbg

2010-11-30 15 views
0

このクラッシュダンプを分析するのを手伝ってください。これが私の最後の手段であります。ntdllの最初のチャンス例外0XC0000005 Windbg

このダンプでクラッシュするWindows COM/DCOMサービスがあります。ここでヒープの破損が起こっているかのように見えます。このクラッシュは、Windows server 2008 sp2でのみ発生し、頭痛の原因となっています。

ここにはどの専門家が助けられますか?私はエラーを見つけたり、これをデバッグするためのヒントを証明するのに役立つ何かに感謝します。私はwindbgの初心者です。 ありがとうございます。以下 はwindbgの出力

Comment: 'Dump created by DbgHost. First chance exception 0XC0000005' 
Symbol search path is: C:\debug symbols;C:\Windows\Symbols 

Windows Server 2008/Windows Vista Version 6002 (Service Pack 2) UP Free x86 compatible 
Product: LanManNt, suite: Enterprise TerminalServer SingleUserTS 
Machine Name: 
Debug session time: Tue Nov 30 14:15:48.000 2010 (GMT+2) 
System Uptime: 5 days 0:32:32.875 
Process Uptime: 0 days 1:29:39.000 
........................................................... 
Loading unloaded module list .....  
This dump file has an exception of interest stored in it. 
The stored exception information can be accessed via .ecxr. 
(868.ae4): Access violation - code c0000005 (first/second chance not available) 
eax=c0c0c0a0 ebx=00140000 ecx=c0c0c0a0 edx=00141000 esi=00140000 edi=00140000 
eip=7005a43d esp=04ebf2dc ebp=04ebf320 iopl=0   nv up ei ng nz na pe nc 
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000    efl=00010286 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for verifier.dll - verifier!VerifierStopMessage+0x591d:  
7005a43d 8139aaaacdab cmp  dword ptr [ecx],0ABCDAAAAh ds:0023:c0c0c0a0=???????? 
*** WARNING: Unable to verify checksum for vsrv.exe 
0:011> !analyze -v  
******************************************************************************* 
*                    * 
*      Exception Analysis         * 
*                    * 
******************************************************************************* 

*** WARNING: Unable to verify checksum for TCheckLic.dll 
*** WARNING: Unable to verify checksum for regserverps.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for regserverps.dll - 
*** WARNING: Unable to verify checksum for carsps.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for carsps.dll - 
*** WARNING: Unable to verify checksum for vsrvps.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vsrvps.dll - 
*** WARNING: Unable to verify checksum for vdbaccs.dll 
*** WARNING: Unable to verify checksum for VsrvPing.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msiltcfg.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for WlS0WndH.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for wsock32.dll - 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for comctl32.dll  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for wtsapi32.dll  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for winnsi.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sxs.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for winsta.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for psapi.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for lpk.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for clbcatq.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ws2_32.dll 
*** ERROR: Symbol file could not be found. Defaulted to export symbols for nsi.dll 
************************************************************************* 
***                 *** 
***                 *** 
*** Your debugger is not using the correct symbols     *** 
***                 *** 
*** In order for this command to work properly, your symbol path *** 
*** must point to .pdb files that have full type information.  *** 
***                 *** 
*** Certain .pdb files (such as the public OS symbols) do not  *** 
*** contain the required information. Contact the group that  *** 
*** provided you with these symbols if you need this command to *** 
*** work.               *** 
***                 *** 
*** Type referenced: IMAGE_NT_HEADERS32       *** 
***                 *** 
************************************************************************* 
Failed calling InternetOpenUrl, GLE=12007 
************************************************************************* 
***                 *** 
***                 *** 
*** Your debugger is not using the correct symbols     *** 
***                 *** 
*** In order for this command to work properly, your symbol path *** 
*** must point to .pdb files that have full type information.  *** 
***                 *** 
*** Certain .pdb files (such as the public OS symbols) do not  *** 
*** contain the required information. Contact the group that  *** 
*** provided you with these symbols if you need this command to *** 
*** work.               *** 
***                 *** 
*** Type referenced: kernel32!pNlsUserInfo       *** 
***                 *** 
************************************************************************* 
************************************************************************* 
***                 *** 
***                 *** 
*** Your debugger is not using the correct symbols     *** 
***                 *** 
*** In order for this command to work properly, your symbol path *** 
*** must point to .pdb files that have full type information.  *** 
***                 *** 
*** Certain .pdb files (such as the public OS symbols) do not  *** 
*** contain the required information. Contact the group that  *** 
*** provided you with these symbols if you need this command to *** 
*** work.               *** 
***                 *** 
*** Type referenced: kernel32!pNlsUserInfo       *** 
***                 *** 
************************************************************************* 

FAULTING_IP: 
verifier!VerifierStopMessage+591d 
7005a43d 8139aaaacdab cmp  dword ptr [ecx],0ABCDAAAAh 

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) 
ExceptionAddress: 7005a43d (verifier!VerifierStopMessage+0x0000591d) 
    ExceptionCode: c0000005 (Access violation) 
    ExceptionFlags: 00000000 
NumberParameters: 2 
    Parameter[0]: 00000000 
    Parameter[1]: c0c0c0a0 
Attempt to read from address c0c0c0a0 

PROCESS_NAME: vsrv.exe 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. 

EXCEPTION_PARAMETER1: 00000000 

EXCEPTION_PARAMETER2: c0c0c0a0 

READ_ADDRESS: c0c0c0a0 

FOLLOWUP_IP: 
verifier!VerifierStopMessage+591d 
7005a43d 8139aaaacdab cmp  dword ptr [ecx],0ABCDAAAAh 

NTGLOBALFLAG: 2000000 

APPLICATION_VERIFIER_FLAGS: 0 

ADDITIONAL_DEBUG_TEXT: Enable Pageheap/AutoVerifer 

FAULTING_THREAD: 00000ae4 

DEFAULT_BUCKET_ID: HEAP_CORRUPTION 

PRIMARY_PROBLEM_CLASS: HEAP_CORRUPTION 

BUGCHECK_STR: APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ 

LAST_CONTROL_TRANSFER: from 7005a9e0 to 7005a43d 

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong. 
04ebf320 7005a9e0 00141000 c0c0c0c0 00000004 verifier!VerifierStopMessage+0x591d 
04ebf33c 700587eb 00141000 00240000 01000002 verifier!VerifierStopMessage+0x5ec0 
04ebf390 77622614 00140000 01000002 c0c0c0c0 verifier!VerifierStopMessage+0x3ccb 
04ebf3d8 775eb7cd 00140000 01000002 c0c0c0c0 ntdll!RtlDebugFreeHeap+0x2f 
04ebf4cc 775d7545 c0c0c0c0 c0c0c0c0 04ebf604 ntdll!RtlpFreeHeap+0x5f 
04ebf4e8 762f9a26 00140000 00000000 c0c0c0c0 ntdll!RtlFreeHeap+0x14e 
04ebf4fc 773aaf25 00140000 00000000 c0c0c0c0 kernel32!HeapFree+0x14 
04ebf510 773aaf41 7747f6f8 c0c0c0c0 04ebf538 ole32!CRetailMalloc_Free+0x1c 
04ebf520 75e16efc c0c0c0c0 04ebf604 037d3e6c ole32!CoTaskMemFree+0x13 
04ebf538 75e08221 c0c0c0c0 c0c0c0c0 037d3e6c rpcrt4!NdrPointerFree+0xb5 
04ebf560 75e0825a 00000000 04ebf58c 75e16ecb rpcrt4!NdrpEmbeddedPointerFree+0x4c 
04ebf56c 75e16ecb 04ebf604 09afcff0 037d3e60 rpcrt4!NdrSimpleStructFree+0x1c 
04ebf58c 75e16ecb 09afcff0 09afcff0 037d3e52 rpcrt4!NdrPointerFree+0x91 
04ebf5ac 75ea25c8 09afcff0 04ebf840 037d3e4e rpcrt4!NdrPointerFree+0x91 
04ebf5d4 75ea248b 04ebf840 00000002 04ebf7e0 rpcrt4!NdrpFreeParams+0x150 
04ebf5e4 75ea2429 feabd21b 09a52fe0 07bd6f28 rpcrt4!NdrStubCall2+0x9aa 
04ebf65c 751d192d 037d4968 00000000 00000000 rpcrt4!NdrStubCall2+0x55c 
04ebfa04 75ea293b 09a52fe0 0982cfc0 07bd6f28 rsaenh!AesExpandKey+0x23 
04ebfa54 7747a8c5 09a52fe0 07bd6f28 0982cfc0 rpcrt4!CStdStubBuffer_Invoke+0xa0 
04ebfa9c 7747aa59 07bd6f28 09225f08 08dbec38 ole32!SyncStubInvoke+0x3c 
04ebfae8 773a61d6 07bd6f28 09a12f18 09a52fe0 ole32!StubInvoke+0xb9 
04ebfbc4 773a60e7 0982cfc0 00000000 09a52fe0 ole32!CCtxComChnl::ContextInvoke+0xfa 
04ebfbe0 773a6df5 07bd6f28 00000001 09a52fe0 ole32!MTAInvoke+0x1a 
04ebfc0c 7747a981 07bd6f28 00000001 09a52fe0 ole32!STAInvoke+0x46 
04ebfc40 7747a79b d0908070 0982cfc0 09a52fe0 ole32!AppInvoke+0xaa 
04ebfd1c 7747ae2d 07bd6ed0 06ffd420 00000400 ole32!ComInvokeWithLockAndIPID+0x32c 
04ebfd44 773a6bcd 07bd6ed0 00000400 06df2e30 ole32!ComInvoke+0xc5 
04ebfd58 773a6b8c 07bd6ed0 04ebfe18 00000400 ole32!ThreadDispatch+0x23 
04ebfd9c 75fafd72 00ba002a 00000400 0000babe ole32!ThreadWndProc+0x167 
04ebfdc8 75fafe4a 773a6aef 00ba002a 00000400 user32!InternalCallWinProc+0x23 
04ebfe40 75fb018d 00000000 773a6aef 00ba002a user32!UserCallWinProcCheckWow+0x14b 
04ebfea4 75fa8b7c 773a6aef 00000001 04ebff34 user32!DispatchMessageWorker+0x322 
04ebfeb4 0044fbc9 04ebff14 00000000 00000000 user32!DispatchMessageA+0xf 
04ebff34 0044faf1 00000000 00000000 041b2e88 vsrv!ATL::CComApartment::Apartment+0xc9 [d:\program files\microsoft visual studio\vc98\atl\include\atlbase.h @ 3837] 
04ebff88 762fd0e9 041b2e88 04ebffd4 775b19bb vsrv!ATL::CComApartment::_Apartment+0x11 [d:\program files\microsoft visual studio\vc98\atl\include\atlbase.h @ 3815] 
04ebff94 775b19bb 041b2e88 6a03c808 00000000 kernel32!BaseThreadInitThunk+0xe 
04ebffd4 775b198e 00402428 041b2e88 ffffffff ntdll!__RtlUserThreadStart+0x23 
04ebffec 00000000 00402428 041b2e88 00000000 ntdll!_RtlUserThreadStart+0x1b 


STACK_COMMAND: .cxr 00000000 ; kb ; ~11s; .ecxr ; kb 

SYMBOL_NAME: heap_corruption!heap_corruption 

FOLLOWUP_NAME: MachineOwner 

MODULE_NAME: heap_corruption 

IMAGE_NAME: heap_corruption 

DEBUG_FLR_IMAGE_TIMESTAMP: 0 

FAILURE_BUCKET_ID: HEAP_CORRUPTION_c0000005_heap_corruption!heap_corruption 

BUCKET_ID: APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ_heap_corruption!heap_corruption 

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/vsrv_exe/68_50_606_0/4ce50c9e /verifier_dll/6_0_6001_18000/4791a775/c0000005/0001a43d.htm?Retriage=1 

Followup: MachineOwner

出典

2010-11-30 user525133

答えて

0

は、あなたがこれをREPROはできますか?

もしそうなら、

  1. は、シンボルサーバーを使用するように適切にシンボルを設定します。

    など。お使いの環境変数は、デフォルトのテストを使用してwindbg -xd av -xd ch -xd sov ApplicationCommandLineのようなコマンドラインを使用してアプリケーションを通じ実行するアプリケーション検証ツールをセットアップし

    _NT_SYMBOL_PATH=SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

  2. 設定します。

    メモリが破壊されている場合、AppVerifはそれをキャッチしてデバッガで2回目の例外を発生させる可能性が高くなります。 フルページヒープを有効にして、ヒープオーバーランがアクセス違反を直ちに犯すようにしてください。

  3. 必要に応じて、!avrfの拡張子を熟知してください。

出典

2010-11-30 12:58:45

+0

はい私はこれを非常に簡単に再現できます。唯一の問題は、テストマシンにインターネットアクセスがないことです。ダウンロードしたシンボルに何か問題がありますか?アプリケーション検証ツールを使用しようとしましたが、Apllication検証ツールを使用してサービスを開始するたびに、単純なテストによってサービスがクラッシュして終了しました。 – user525133

+0

もう1つの問題は、マルチスレッドであり、問​​題なくデバッガを接続する方法を見つけていないため、サービス上でライブデバッグを行うことができないことです。 – user525133

+0

私はフルページヒープと添付デバッガを有効にしました – user525133

関連する問題

 関連する問題