-
-
[原创]分析一个死锁问题
-
发表于:
2016-3-30 11:35
13964
-
很久没来看雪安发技术文章了,毕业之后就一直从事软件开发,至今6年,一直没换过工作。大家都说,要跳1-2槽之后,待遇就能提升。
一天,笔者的电脑有一个进程退不出。以笔者的经验来看,准是出现死锁了。
上windbg,加载好符号文件,查看下当前进程的所有线程,总共有11个线程。
这么多个线程,从哪里看起? 我个人经验先看下主线程,即0号线程。
查看0号线程:
0:000> kb
ChildEBP RetAddr Args to Child
0018e7cc 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0018e830 777b8d28 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0x13e
0018e858 777bc401 778820c0 78f87208 00000000 ntdll!RtlEnterCriticalSection+0x150
0018e9c4 777bc558 0018ea28 0018e9f0 00000000 ntdll!LdrpLoadDll+0x287
0018e9fc 757d2c95 0018e9f0 0018ea40 0018ea28 ntdll!LdrLoadDll+0xaa
WARNING: Stack unwind information not available. Following frames may be wrong.
0018ea38 756c4904 00000000 00000000 005be8a4 KERNELBASE!LoadLibraryExW+0x1f1
0018ea4c 75a04f50 759c5ee8 0018ea68 759f7e3d kernel32!LoadLibraryW+0x11
0018ea58 759f7e3d 005cda80 00613830 0018ea74 msctf!SysAllocString+0x19
0018ea68 759f8101 00613ab0 0018eb34 759ce8cd msctf!CLBarItemCtrl::GetTextOrTooltipString+0x2d
0018ea74 759ce8cd 005d4ecc 00613ab0 0018ee28 msctf!CLBarItemCtrl::GetTooltipString+0x13
0018eb34 759edd7d 005d5890 0000001e 006137b0 msctf!CLangBarItemMgr::GetItemsEx+0x1b4
0018ecb4 759ef11c 005e1e88 0000001e 0018ede8 msctf!CStubITfLangBarItemMgr_P::stub_GetItemsEx+0x265
0018ecc4 759fa9cc 00000010 0018ee28 f2577976 msctf!CStubITfLangBarItemMgr_P::Invoke+0x13
0018ede8 759d1ca3 0018ee28 00000000 005d4418 msctf!CCtfClientPort::ProcessMessage+0x619
0018eefc 759cf417 00000000 759a475f 00000000 msctf!CCtfClientPort::Receive+0x660
0018ef48 75b162fa 000b0534 0000c042 00000000 msctf!CicMarshalWndProc+0x3b5
0018ef74 75b16d3a 759a475f 000b0534 0000c042 user32!InternalCallWinProc+0x23
0018efec 75b20d27 00000000 759a475f 000b0534 user32!UserCallWinProcCheckWow+0x109
0018f024 75b2794a ffff0ab1 000b0534 0000c042 user32!CallWindowProcAorW+0xab
0018f044 732fbc49 ffff0ab1 000b0534 0000c042 user32!CallWindowProcA+0x1b
0018f0bc 75b162fa 000b0534 0000c042 00000000 mfc42!_AfxActivationWndProc+0x13f
0018f0e8 75b16d3a 732fbbd6 000b0534 0000c042 user32!InternalCallWinProc+0x23
0018f160 75b177c4 00000000 732fbbd6 000b0534 user32!UserCallWinProcCheckWow+0x109
0018f1c0 75b17bca 732fbbd6 00000001 0018f200 user32!DispatchMessageWorker+0x3bc
0018f1d0 73305448 00430ad4 00000001 0018f264 user32!DispatchMessageA+0xf
0018f1e0 7331ef51 00000004 0018f264 00000000 mfc42!CWinThread::PumpMessage+0x42
0018f200 73331aca 00000004 f24917a6 0000013c mfc42!CWnd::RunModalLoop+0xd6
0018f244 00412094 758708a9 000001bb 758b3ab1 mfc42!CDialog::DoModal+0x11e
0018f6fc 00000000 00000001 0277e0b3 000001bb SangforUD+0x12094
0号线程卡在kernel32!LoadLibraryW,临界区的锁。
0:000> !cs 778820c0
-----------------------------------------
Critical section = 0x778820c0 (ntdll!LdrpLoaderLock+0x0)
DebugInfo = 0x77884380
LOCKED
LockCount = 0x4
WaiterWoken = No
OwningThread = 0x00001898
RecursionCount = 0x1
LockSemaphore = 0x144
SpinCount = 0x00000000
0:000> ~~[0x00001898]
8 Id: 1548.1898 Suspend: 0 Teb: 7ef90000 Unfrozen
Start: msvcrt!_endthreadex+0x6f (758712e5)
Priority: 0 Priority class: 32 Affinity: f
0号线程等待临界区ntdll!RtlEnterCriticalSection+0x150,而临界区被8号线程拥有。
切换到8号线程
0:000> ~8s
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=77026814 edi=00000000
eip=7779f8d1 esp=0491d8ec ebp=0491d950 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForSingleObject+0x15:
7779f8d1 83c404 add esp,4
0:008> kb
ChildEBP RetAddr Args to Child
0491d8ec 777b8e44 0000031c 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0491d950 777b8d28 00000000 00000000 77028bd4 ntdll!RtlpWaitOnCriticalSection+0x13e
0491d978 76f25b6a 77026814 00000000 04c4e380 ntdll!RtlEnterCriticalSection+0x150
0491d990 76f25d77 76f29af4 0491d9b8 76f25cff ole32!CComCatalog::InitializeCatalogIfNeccessary+0x26
0491d99c 76f25cff 76f2556c 0491d9b4 00000000 ole32!GetCatalogHelper+0x12
0491d9b8 76f050b3 04c50b38 0491dc08 00000000 ole32!InitializeCatalogIfNecessary+0x32
0491d9dc 04c44285 04c4e380 0491dbf8 04c50b38 ole32!CLSIDFromProgID+0x8c
WARNING: Stack unwind information not available. Following frames may be wrong.
0491dc08 04c492d0 04c4e380 00000000 0491ddcc 1_SangforNsp!DllUnregisterServer+0x25f7
00000000 00000000 00000000 00000000 00000000 1_SangforNsp!SetInnerDnsIPAndSuffix+0x259
8号线程也在等待一把临界区锁
0:008> !cs 77026814
-----------------------------------------
Critical section = 0x77026814 (ole32!g_catLock+0x0)
DebugInfo = 0x005bfcf8
LOCKED
LockCount = 0x1
WaiterWoken = No
OwningThread = 0x000019d0
RecursionCount = 0x1
LockSemaphore = 0x31C
SpinCount = 0x00000000
0:008> ~~[0x000019d0]
4 Id: 1548.19d0 Suspend: 0 Teb: 7ef9c000 Unfrozen
Start: ntdll!TppWorkerThread (777d3e85)
Priority: 0 Priority class: 32 Affinity: f
8号线程在等待4号线程
切换到4号线程
0:008> ~4s
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=778820c0 edi=00000000
eip=7779f8d1 esp=0449f240 ebp=0449f2a4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForSingleObject+0x15:
7779f8d1 83c404 add esp,4
0:004> kb
ChildEBP RetAddr Args to Child
0449f240 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0449f2a4 777b8d28 00000000 00000000 777afaa4 ntdll!RtlpWaitOnCriticalSection+0x13e
0449f2cc 777afff3 778820c0 7ca96ff0 00000001 ntdll!RtlEnterCriticalSection+0x150
0449f43c 777afd4f 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x2f7
0449f458 757d1a35 00000001 00000000 0449f4c8 ntdll!LdrGetDllHandle+0x18
WARNING: Stack unwind information not available. Following frames may be wrong.
0449f4ac 757d1c49 0449f4c8 f6189930 00000000 KERNELBASE!GetModuleFileNameW+0x1a9
0449f924 757d1d44 00000001 00000002 76f25f90 KERNELBASE!GetModuleFileNameW+0x3bd
0449f93c 76f25f25 76f25f90 00000000 77028bd4 KERNELBASE!GetModuleHandleW+0x29
0449f954 76f25b87 76f255e0 77028bf0 00000000 ole32!GetRegCatalogObject+0x25
0449f978 76f25d77 00000000 0449f9a0 76f25cff ole32!CComCatalog::InitializeCatalogIfNeccessary+0x43
0449f984 76f25cff 76f2556c 0449f99c 76a0da3c ole32!GetCatalogHelper+0x12
0449f9a0 76f2ab70 76f2ee84 00000000 0449fa98 ole32!InitializeCatalogIfNecessary+0x32
0449f9b0 76f29f1e 76a0da3c 0449fa84 00000000 ole32!LookForConfiguredClsid+0x43
0449fa98 76f29e25 76a0da3c 00000000 00000017 ole32!ICoCreateInstanceEx+0x11c
0449faf8 76f29d86 76a0da3c 00000000 00000017 ole32!CComActivator::DoCreateInstance+0xd9
0449fb1c 76f29d3f 76a0da3c 00000000 00000017 ole32!CoCreateInstanceEx+0x38
0449fb4c 76a0d583 76a0da3c 00000000 00000017 ole32!CoCreateInstance+0x37
0449fbe4 769e6b06 00000000 00608fcc 00608fd0 wininet!InternetConfirmZoneCrossingA+0x9053
0449fc08 76a0da9b 00608fc4 00608fc8 00000000 wininet!GopherGetLocatorTypeA+0x52f6
0449fc30 76a0ce7f 005e4f00 00608fc4 00608fc8 wininet!InternetConfirmZoneCrossingA+0x956b
0449fcb8 76a1d986 0449fd04 0449fcd4 00608fc0 wininet!InternetConfirmZoneCrossingA+0x894f
0449fd0c 76a1dc7e 0449fd6c 0449fd40 0449fd78 wininet!InternetConfirmZoneCrossingA+0x19456
0449fd9c 769221fc 005d5cb0 00000000 005f0fa0 wininet!InternetConfirmZoneCrossingA+0x1974e
0449fdb4 777e9512 00610b28 7ca965e4 005e3fd8 wininet!DeleteUrlCacheEntryW+0x1142c
0449fe28 777d4429 00610b28 005f0fa0 7ca96444 ntdll!RtlpTpWorkCallback+0x11d
0449ff88 756c338a 005e3fd0 0449ffd4 777b9f72 ntdll!TppWorkerThread+0x572
0449ff94 777b9f72 005e3fd0 7ca96418 00000000 kernel32!BaseThreadInitThunk+0x12
0449ffd4 777b9f45 777d3e85 005e3fd0 00000000 ntdll!__RtlUserThreadStart+0x70
0449ffec 00000000 777d3e85 005e3fd0 00000000 ntdll!_RtlUserThreadStart+0x1b
4号线程也在等待一把锁
0:008> !cs 778820c0
-----------------------------------------
Critical section = 0x778820c0 (ntdll!LdrpLoaderLock+0x0)
DebugInfo = 0x77884380
LOCKED
LockCount = 0x4
WaiterWoken = No
OwningThread = 0x00001898
RecursionCount = 0x1
LockSemaphore = 0x144
SpinCount = 0x00000000
0:004> ~~[0x00001898]
8 Id: 1548.1898 Suspend: 0 Teb: 7ef90000 Unfrozen
Start: msvcrt!_endthreadex+0x6f (758712e5)
Priority: 0 Priority class: 32 Affinity: f
0:008> lm vm 1_SangforNsp
start end module name
04c40000 04dad000 1_SangforNsp (export symbols) 1_SangforNsp.dll
Loaded symbol image file: 1_SangforNsp.dll
Image path: C:\Program Files (x86)\Sangfor\VDI\ClientComponent\1_SangforNsp.dll
Image name: 1_SangforNsp.dll
Timestamp: Fri Nov 08 11:04:01 2013 (527C54A1)
CheckSum: 00178715
ImageSize: 0016D000
File version: 2.0.0.0
Product version: 2.0.0.0
File flags: 20 (Mask 3F) Special
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Sangfor
ProductName: SangforNsp Module
InternalName: SangforNsp
OriginalFilename: SangforNsp.DLL
ProductVersion: 2, 0, 0, 0
FileVersion: 2, 0, 0, 0
PrivateBuild: 2, 0, 0, 0
SpecialBuild: 20100527
FileDescription: SangforNsp Module - VDI
LegalCopyright: Copyright 2009
LegalTrademarks: Copyright 2009
0:008> u 1_SangforNsp!SetInnerDnsIPAndSuffix+0x259
1_SangforNsp!SetInnerDnsIPAndSuffix+0x259:
04c492d0 8bd8 mov ebx,eax
04c492d2 59 pop ecx
04c492d3 3bdd cmp ebx,ebp
04c492d5 7458 je 1_SangforNsp!SetInnerDnsIPAndSuffix+0x2b8 (04c4932f)
04c492d7 56 push esi
04c492d8 8b35a0b0c404 mov esi,dword ptr [1_SangforNsp!SetInnerDnsIPAndSuffix+0x2029 (04c4b0a0)]
04c492de 57 push edi
04c492df 68540ac504 push offset 1_SangforNsp!SetInnerDnsIPAndSuffix+0x79dd (04c50a54)
IAD加载1_SangforNsp,选择手动加载,选择基址为04c40000
0:008> kb
ChildEBP RetAddr Args to Child
0491d8ec 777b8e44 0000031c 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0491d950 777b8d28 00000000 00000000 77028bd4 ntdll!RtlpWaitOnCriticalSection+0x13e
0491d978 76f25b6a 77026814 00000000 04c4e380 ntdll!RtlEnterCriticalSection+0x150
0491d990 76f25d77 76f29af4 0491d9b8 76f25cff ole32!CComCatalog::InitializeCatalogIfNeccessary+0x26
0491d99c 76f25cff 76f2556c 0491d9b4 00000000 ole32!GetCatalogHelper+0x12
0491d9b8 76f050b3 04c50b38 0491dc08 00000000 ole32!InitializeCatalogIfNecessary+0x32
0491d9dc 04c44285 04c4e380 0491dbf8 04c50b38 ole32!CLSIDFromProgID+0x8c
WARNING: Stack unwind information not available. Following frames may be wrong.
0491dc08 04c492d0 04c4e380 00000000 0491ddcc 1_SangforNsp!DllUnregisterServer+0x25f7
00000000 00000000 00000000 00000000 00000000 1_SangforNsp!SetInnerDnsIPAndSuffix+0x259
在IDA中找到调用CLSIDFromProgID的地方
0号线程调用LoadLibray,最后调用ntdll的LdrpLoadDll,等待LoaderLock这把锁。 (以下代码来自泄露版win2k)
if ( LdrpInLdrInit == FALSE ) {
RtlEnterCriticalSection((PRTL_CRITICAL_SECTION)NtCurrentPeb()->LoaderLock);
}
而这把锁被8号线程拥有LoaderLock这把锁,同时也在等另外一把锁g_catLock。
IDA分析ole32.dll,找到CComCatalog::InitializeCatalogIfNeccessary函数。
HRESULT __thiscall CComCatalog::InitializeCatalogIfNeccessary(CComCatalog *this)
{
CComCatalog *v1; // ebx@1
void *v2; // eax@6
CCache *v3; // eax@7
void *v4; // eax@8
CCache *v5; // eax@9
void *v6; // eax@10
CCache *v7; // eax@11
void *v8; // eax@11
CCache *v9; // eax@12
HRESULT hr; // [sp+8h] [bp-4h]@1
v1 = this;
hr = 0;
if ( !CComCatalog::ms_fInitialized )
{
EnterCriticalSection(&g_catLock);
这把锁g_catLock被4号线程拥有。4号线程也在等待8号线程的LoaderLock这把锁。4号线程和8号线程死锁了。
(g_catLock) 4------------->8 (LoaderLock)
<-------------
g_catLock这把锁恰恰是调用CLSIDFromProgID导致的,而LoaderLock刚好锁DllMain。
经验教训:
1、避免DllMain调用LoadLibray
2、假如无法避免,那么要确定DllMain调用的winapi有无副作用。
附录:
0:000> ~*kb
. 0 Id: 1548.98c Suspend: 0 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr Args to Child
0018e7cc 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0018e830 777b8d28 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0x13e
0018e858 777bc401 778820c0 78f87208 00000000 ntdll!RtlEnterCriticalSection+0x150
0018e9c4 777bc558 0018ea28 0018e9f0 00000000 ntdll!LdrpLoadDll+0x287
0018e9fc 757d2c95 0018e9f0 0018ea40 0018ea28 ntdll!LdrLoadDll+0xaa
WARNING: Stack unwind information not available. Following frames may be wrong.
0018ea38 756c4904 00000000 00000000 005be8a4 KERNELBASE!LoadLibraryExW+0x1f1
0018ea4c 75a04f50 759c5ee8 0018ea68 759f7e3d kernel32!LoadLibraryW+0x11
0018ea58 759f7e3d 005cda80 00613830 0018ea74 msctf!SysAllocString+0x19
0018ea68 759f8101 00613ab0 0018eb34 759ce8cd msctf!CLBarItemCtrl::GetTextOrTooltipString+0x2d
0018ea74 759ce8cd 005d4ecc 00613ab0 0018ee28 msctf!CLBarItemCtrl::GetTooltipString+0x13
0018eb34 759edd7d 005d5890 0000001e 006137b0 msctf!CLangBarItemMgr::GetItemsEx+0x1b4
0018ecb4 759ef11c 005e1e88 0000001e 0018ede8 msctf!CStubITfLangBarItemMgr_P::stub_GetItemsEx+0x265
0018ecc4 759fa9cc 00000010 0018ee28 f2577976 msctf!CStubITfLangBarItemMgr_P::Invoke+0x13
0018ede8 759d1ca3 0018ee28 00000000 005d4418 msctf!CCtfClientPort::ProcessMessage+0x619
0018eefc 759cf417 00000000 759a475f 00000000 msctf!CCtfClientPort::Receive+0x660
0018ef48 75b162fa 000b0534 0000c042 00000000 msctf!CicMarshalWndProc+0x3b5
0018ef74 75b16d3a 759a475f 000b0534 0000c042 user32!InternalCallWinProc+0x23
0018efec 75b20d27 00000000 759a475f 000b0534 user32!UserCallWinProcCheckWow+0x109
0018f024 75b2794a ffff0ab1 000b0534 0000c042 user32!CallWindowProcAorW+0xab
0018f044 732fbc49 ffff0ab1 000b0534 0000c042 user32!CallWindowProcA+0x1b
0018f0bc 75b162fa 000b0534 0000c042 00000000 mfc42!_AfxActivationWndProc+0x13f
0018f0e8 75b16d3a 732fbbd6 000b0534 0000c042 user32!InternalCallWinProc+0x23
0018f160 75b177c4 00000000 732fbbd6 000b0534 user32!UserCallWinProcCheckWow+0x109
0018f1c0 75b17bca 732fbbd6 00000001 0018f200 user32!DispatchMessageWorker+0x3bc
0018f1d0 73305448 00430ad4 00000001 0018f264 user32!DispatchMessageA+0xf
0018f1e0 7331ef51 00000004 0018f264 00000000 mfc42!CWinThread::PumpMessage+0x42
0018f200 73331aca 00000004 f24917a6 0000013c mfc42!CWnd::RunModalLoop+0xd6
0018f244 00412094 758708a9 000001bb 758b3ab1 mfc42!CDialog::DoModal+0x11e
0018f6fc 00000000 00000001 0277e0b3 000001bb SangforUD+0x12094
1 Id: 1548.172c Suspend: 0 Teb: 7efda000 Unfrozen
ChildEBP RetAddr Args to Child
02eefbc4 757d149d 000002c0 00000000 02eefc0c ntdll!NtWaitForSingleObject+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
02eefc30 756c1194 000002c0 0001d4c0 00000000 KERNELBASE!WaitForSingleObjectEx+0x98
02eefc48 756c1148 000002c0 0001d4c0 00000000 kernel32!WaitForSingleObjectEx+0x43
02eefc5c 0040d78a 000002c0 0001d4c0 0028b9e8 kernel32!WaitForSingleObject+0x12
02eefc6c 00402d12 0028b9e8 0001d4c0 0000025c SangforUD+0xd78a
02eefca4 00402e4c 02eefe0c 00000104 00426f84 SangforUD+0x2d12
02eefe00 00000000 00000000 555c3a43 73726573 SangforUD+0x2e4c
2 Id: 1548.aa4 Suspend: 0 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr Args to Child
0311fe60 757d149d 000000f0 00000000 0311fea8 ntdll!NtWaitForSingleObject+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
0311fecc 756c1194 000000f0 00001388 00000000 KERNELBASE!WaitForSingleObjectEx+0x98
0311fee4 756c1148 000000f0 00001388 00000000 kernel32!WaitForSingleObjectEx+0x43
0311fef8 004111d1 000000f0 00001388 00000000 kernel32!WaitForSingleObject+0x12
0311ff80 75871328 0311ff94 756c338a 0277e790 SangforUD+0x111d1
0311ff88 756c338a 0277e790 0311ffd4 777b9f72 msvcrt!_endthreadex+0xce
0311ff94 777b9f72 0277e790 7bf16418 00000000 kernel32!BaseThreadInitThunk+0x12
0311ffd4 777b9f45 758712e5 0277e790 00000000 ntdll!__RtlUserThreadStart+0x70
0311ffec 00000000 758712e5 0277e790 00000000 ntdll!_RtlUserThreadStart+0x1b
3 Id: 1548.480 Suspend: 0 Teb: 7ef9f000 Unfrozen
ChildEBP RetAddr Args to Child
0321fdf4 777d2f91 0000000b 005e3dc8 00000001 ntdll!ZwWaitForMultipleObjects+0x15
0321ff88 756c338a 00000000 0321ffd4 777b9f72 ntdll!TppWaiterpThread+0x33d
WARNING: Stack unwind information not available. Following frames may be wrong.
0321ff94 777b9f72 005e3d98 7bc16418 00000000 kernel32!BaseThreadInitThunk+0x12
0321ffd4 777b9f45 777d2e65 005e3d98 00000000 ntdll!__RtlUserThreadStart+0x70
0321ffec 00000000 777d2e65 005e3d98 00000000 ntdll!_RtlUserThreadStart+0x1b
4 Id: 1548.19d0 Suspend: 0 Teb: 7ef9c000 Unfrozen
ChildEBP RetAddr Args to Child
0449f240 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0449f2a4 777b8d28 00000000 00000000 777afaa4 ntdll!RtlpWaitOnCriticalSection+0x13e
0449f2cc 777afff3 778820c0 7ca96ff0 00000001 ntdll!RtlEnterCriticalSection+0x150
0449f43c 777afd4f 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x2f7
0449f458 757d1a35 00000001 00000000 0449f4c8 ntdll!LdrGetDllHandle+0x18
WARNING: Stack unwind information not available. Following frames may be wrong.
0449f4ac 757d1c49 0449f4c8 f6189930 00000000 KERNELBASE!GetModuleFileNameW+0x1a9
0449f924 757d1d44 00000001 00000002 76f25f90 KERNELBASE!GetModuleFileNameW+0x3bd
0449f93c 76f25f25 76f25f90 00000000 77028bd4 KERNELBASE!GetModuleHandleW+0x29
0449f954 76f25b87 76f255e0 77028bf0 00000000 ole32!GetRegCatalogObject+0x25
0449f978 76f25d77 00000000 0449f9a0 76f25cff ole32!CComCatalog::InitializeCatalogIfNeccessary+0x43
0449f984 76f25cff 76f2556c 0449f99c 76a0da3c ole32!GetCatalogHelper+0x12
0449f9a0 76f2ab70 76f2ee84 00000000 0449fa98 ole32!InitializeCatalogIfNecessary+0x32
0449f9b0 76f29f1e 76a0da3c 0449fa84 00000000 ole32!LookForConfiguredClsid+0x43
0449fa98 76f29e25 76a0da3c 00000000 00000017 ole32!ICoCreateInstanceEx+0x11c
0449faf8 76f29d86 76a0da3c 00000000 00000017 ole32!CComActivator::DoCreateInstance+0xd9
0449fb1c 76f29d3f 76a0da3c 00000000 00000017 ole32!CoCreateInstanceEx+0x38
0449fb4c 76a0d583 76a0da3c 00000000 00000017 ole32!CoCreateInstance+0x37
0449fbe4 769e6b06 00000000 00608fcc 00608fd0 wininet!InternetConfirmZoneCrossingA+0x9053
0449fc08 76a0da9b 00608fc4 00608fc8 00000000 wininet!GopherGetLocatorTypeA+0x52f6
0449fc30 76a0ce7f 005e4f00 00608fc4 00608fc8 wininet!InternetConfirmZoneCrossingA+0x956b
0449fcb8 76a1d986 0449fd04 0449fcd4 00608fc0 wininet!InternetConfirmZoneCrossingA+0x894f
0449fd0c 76a1dc7e 0449fd6c 0449fd40 0449fd78 wininet!InternetConfirmZoneCrossingA+0x19456
0449fd9c 769221fc 005d5cb0 00000000 005f0fa0 wininet!InternetConfirmZoneCrossingA+0x1974e
0449fdb4 777e9512 00610b28 7ca965e4 005e3fd8 wininet!DeleteUrlCacheEntryW+0x1142c
0449fe28 777d4429 00610b28 005f0fa0 7ca96444 ntdll!RtlpTpWorkCallback+0x11d
0449ff88 756c338a 005e3fd0 0449ffd4 777b9f72 ntdll!TppWorkerThread+0x572
0449ff94 777b9f72 005e3fd0 7ca96418 00000000 kernel32!BaseThreadInitThunk+0x12
0449ffd4 777b9f45 777d3e85 005e3fd0 00000000 ntdll!__RtlUserThreadStart+0x70
0449ffec 00000000 777d3e85 005e3fd0 00000000 ntdll!_RtlUserThreadStart+0x1b
5 Id: 1548.15cc Suspend: 0 Teb: 7ef99000 Unfrozen
ChildEBP RetAddr Args to Child
0459fe28 777d3392 000001bc 0459fedc 7cb96444 ntdll!ZwWaitForWorkViaWorkerFactory+0x12
0459ff88 756c338a 005e2fd0 0459ffd4 777b9f72 ntdll!TppWorkerThread+0x216
WARNING: Stack unwind information not available. Following frames may be wrong.
0459ff94 777b9f72 005e2fd0 7cb96418 00000000 kernel32!BaseThreadInitThunk+0x12
0459ffd4 777b9f45 777d3e85 005e2fd0 00000000 ntdll!__RtlUserThreadStart+0x70
0459ffec 00000000 777d3e85 005e2fd0 00000000 ntdll!_RtlUserThreadStart+0x1b
6 Id: 1548.1a44 Suspend: 0 Teb: 7ef96000 Unfrozen
ChildEBP RetAddr Args to Child
0469fe28 777d3392 000001bc 0469fedc 7c896444 ntdll!ZwWaitForWorkViaWorkerFactory+0x12
0469ff88 756c338a 005e2fd0 0469ffd4 777b9f72 ntdll!TppWorkerThread+0x216
WARNING: Stack unwind information not available. Following frames may be wrong.
0469ff94 777b9f72 005e2fd0 7c896418 00000000 kernel32!BaseThreadInitThunk+0x12
0469ffd4 777b9f45 777d3e85 005e2fd0 00000000 ntdll!__RtlUserThreadStart+0x70
0469ffec 00000000 777d3e85 005e2fd0 00000000 ntdll!_RtlUserThreadStart+0x1b
7 Id: 1548.1684 Suspend: 0 Teb: 7ef93000 Unfrozen
ChildEBP RetAddr Args to Child
047dfe28 777d3392 000002b0 047dfedc 7c9d6444 ntdll!ZwWaitForWorkViaWorkerFactory+0x12
047dff88 756c338a 005ecb38 047dffd4 777b9f72 ntdll!TppWorkerThread+0x216
WARNING: Stack unwind information not available. Following frames may be wrong.
047dff94 777b9f72 005ecb38 7c9d6418 00000000 kernel32!BaseThreadInitThunk+0x12
047dffd4 777b9f45 777d3e85 005ecb38 00000000 ntdll!__RtlUserThreadStart+0x70
047dffec 00000000 777d3e85 005ecb38 00000000 ntdll!_RtlUserThreadStart+0x1b
8 Id: 1548.1898 Suspend: 0 Teb: 7ef90000 Unfrozen
ChildEBP RetAddr Args to Child
0491d8ec 777b8e44 0000031c 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
0491d950 777b8d28 00000000 00000000 77028bd4 ntdll!RtlpWaitOnCriticalSection+0x13e
0491d978 76f25b6a 77026814 00000000 04c4e380 ntdll!RtlEnterCriticalSection+0x150
0491d990 76f25d77 76f29af4 0491d9b8 76f25cff ole32!CComCatalog::InitializeCatalogIfNeccessary+0x26
0491d99c 76f25cff 76f2556c 0491d9b4 00000000 ole32!GetCatalogHelper+0x12
0491d9b8 76f050b3 04c50b38 0491dc08 00000000 ole32!InitializeCatalogIfNecessary+0x32
0491d9dc 04c44285 04c4e380 0491dbf8 04c50b38 ole32!CLSIDFromProgID+0x8c
WARNING: Stack unwind information not available. Following frames may be wrong.
0491dc08 04c492d0 04c4e380 00000000 0491ddcc 1_SangforNsp!DllUnregisterServer+0x25f7
00000000 00000000 00000000 00000000 00000000 1_SangforNsp!SetInnerDnsIPAndSuffix+0x259
9 Id: 1548.f08 Suspend: 0 Teb: 7ef8d000 Unfrozen
ChildEBP RetAddr Args to Child
04a5fd78 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
04a5fddc 777b8d28 00000000 00000000 04a5fe44 ntdll!RtlpWaitOnCriticalSection+0x13e
04a5fe04 777b02c9 778820c0 7c45656c 76a4fd68 ntdll!RtlEnterCriticalSection+0x150
04a5fea0 777b0202 770d0000 04a5fedc 00000000 ntdll!LdrGetProcedureAddressEx+0x159
04a5febc 757d1e4b 770d0000 04a5fedc 00000000 ntdll!LdrGetProcedureAddress+0x18
WARNING: Stack unwind information not available. Following frames may be wrong.
04a5fee4 768d3bae 770d0000 76a4fd68 005e2818 KERNELBASE!GetProcAddress+0x44
04a5ff4c 76923f59 76a4f1e0 76a68018 0000000e wininet!Ordinal417+0x3bae
04a5ff78 76a13de1 00000000 00000000 04a5ff94 wininet!InternetSetStatusCallbackW+0x2f9
04a5ff88 756c338a 005e2818 04a5ffd4 777b9f72 wininet!InternetConfirmZoneCrossingA+0xf8b1
04a5ff94 777b9f72 005e2818 7c456418 00000000 kernel32!BaseThreadInitThunk+0x12
04a5ffd4 777b9f45 76a13dd0 005e2818 00000000 ntdll!__RtlUserThreadStart+0x70
04a5ffec 00000000 76a13dd0 005e2818 00000000 ntdll!_RtlUserThreadStart+0x1b
10 Id: 1548.9fc Suspend: 0 Teb: 7ef8a000 Unfrozen
ChildEBP RetAddr Args to Child
04c3fb94 777b8e44 00000144 00000000 00000000 ntdll!NtWaitForSingleObject+0x15
04c3fbf8 777b8d28 00000000 00000000 00000000 ntdll!RtlpWaitOnCriticalSection+0x13e
04c3fc20 777ba12d 778820c0 7c236778 7ef8a000 ntdll!RtlEnterCriticalSection+0x150
04c3fcb4 777b9ecc 04c3fd24 7c2366cc 00000000 ntdll!LdrpInitializeThread+0xc6
04c3fd00 777b9ef9 04c3fd24 77780000 00000000 ntdll!_LdrpInitialize+0x1ad
04c3fd10 00000000 04c3fd24 77780000 00000000 ntdll!LdrInitializeThunk+0x10
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课