首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 付费问答
    3. 发新帖
[已解决] [悬赏]Windbg 调试程序崩溃问题 6.00雪花
发表于: 2017-4-27 11:50 7548

[已解决] [悬赏]Windbg 调试程序崩溃问题 6.00雪花

微笑着走过 活跃值
2017-4-27 11:50
7548

程序崩溃信息
问题签名:
  问题事件名称:        APPCRASH
  应用程序名:        通用存储服务器 - 线程池版.exe
  应用程序版本:        1.0.0.0
  应用程序时间戳:        5900c74d
  故障模块名称:        HPSocket4C-SSL.dll
  故障模块版本:        4.2.1.1
  故障模块时间戳:        58e6fee0
  异常代码:        c0000005
  异常偏移:        0000e636
  OS 版本:        6.2.9200.2.0.0.400.8
  区域设置 ID:        2052
  其他信息 1:        55f1
  其他信息 2:        55f1657aaf7b5b774a54b89f02856824
  其他信息 3:        25f3
  其他信息 4:        25f327aea32b56b41e1e247d6e5cf8d7
windbg信息

WARNING: Path element is empty

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\ls\bkts\通用存储服务器 - 线程池版.DMP]

User Mini Dump File with Full Memory: Only application data is available

WARNING: Path element is empty

Symbol search path is: SRV*D:\ls\bkts*http://msdl.microsoft.com/download/symbols;;C:\WINDOWS\system32

Executable search path is: 

Windows 7 Version 9200 MP (4 procs) Free x64

Product: Server, suite: TerminalServer DataCenter SingleUserTS

Machine Name:

Debug session time: Thu Apr 27 00:19:50.000 2017 (UTC + 8:00)

System Uptime: 3 days 1:18:47.384

Process Uptime: 0 days 0:04:02.000

................................................................

.............

wow64cpu!CpupSyscallStub+0x2:

00000000`77ad2ad2 c3              ret

0:000> .load wow64exts

0:000> !sw

Switched to 32bit mode

0:000:x86> !analyze -v

*******************************************************************************

*                                                                             *

*                        Exception Analysis                                   *

*                                                                             *

*******************************************************************************

*** WARNING: Unable to verify checksum for 通用存储服务器 - 线程池版.exe

*** ERROR: Module load completed but symbols could not be loaded for 通用存储服务器 - 线程池版.exe

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for HPSocket4C-SSL.dll - 

FAULTING_IP: 

+6522faf0402d8b4

00000000 ??              ???

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)

ExceptionAddress: 0000000000000000

   ExceptionCode: 80000003 (Break instruction exception)

  ExceptionFlags: 00000000

NumberParameters: 0

FAULTING_THREAD:  000000000000164c

DEFAULT_BUCKET_ID:  ZEROED_STACK

PROCESS_NAME:  Í¨Óô洢·þÎñÆ÷ - Ï̳߳ذæ.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {

EXCEPTION_CODE: (NTSTATUS) 0x80000003 (2147483651) - {

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRIMARY_PROBLEM_CLASS:  ZEROED_STACK

BUGCHECK_STR:  APPLICATION_FAULT_ZEROED_STACK

LAST_CONTROL_TRANSFER:  from 0000000075c5c752 to 0000000077b6081c

STACK_TEXT:  

0018f258 75c5c752 00000002 0018f414 00000001 ntdll_77b30000!ZwWaitForMultipleObjects+0xc

0018f3dc 75de57d0 00000002 00000000 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x10b

0018f450 75de597a 0018f550 0018f550 00000000 kernel32!WerpReportFaultInternal+0x1c4

0018f464 75db7a69 0018f550 0018f50c 75ce119c kernel32!WerpReportFault+0x6d

0018f470 75ce119c 0018f550 00000001 65524426 kernel32!BasepReportFault+0x19

0018f50c 004cc6c7 0018f550 00000000 0018ff74 KERNELBASE!UnhandledExceptionFilter+0x1f1

WARNING: Stack unwind information not available. Following frames may be wrong.

0018f524 004c7451 00000000 0018f550 004c9d67 ______________+0xcc6c7

0018ff84 75da86e3 7ffde000 0018ffd4 77b79e89 ______________+0xc7451

0018ff90 77b79e89 7ffde000 675cb1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0018ffd4 77b79e5c 004c7357 7ffde000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0018ffec 00000000 004c7357 7ffde000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

STACK_COMMAND:  ~0s; .ecxr ; kb

FOLLOWUP_IP: 

______________+cc6c7

004cc6c7 5e              pop     esi

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  ______________+cc6c7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ______________

IMAGE_NAME:  Í¨Óô洢·þÎñÆ÷ - Ï̳߳ذæ.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  5900c74d

BUCKET_ID:  X64_APPLICATION_FAULT_ZEROED_STACK_______________+cc6c7

FAILURE_BUCKET_ID:  ZEROED_STACK_80000003________________-_________.exe!Unknown

Followup: MachineOwner

---------

0:000:x86> ~*kb

.  0  Id: 15f0.164c Suspend: 0 Teb: 7ffdb000 Unfrozen

ChildEBP RetAddr  Args to Child              

0018f258 75c5c752 00000002 0018f414 00000001 ntdll_77b30000!ZwWaitForMultipleObjects+0xc

0018f3dc 75de57d0 00000002 00000000 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x10b

0018f450 75de597a 0018f550 0018f550 00000000 kernel32!WerpReportFaultInternal+0x1c4

0018f464 75db7a69 0018f550 0018f50c 75ce119c kernel32!WerpReportFault+0x6d

0018f470 75ce119c 0018f550 00000001 65524426 kernel32!BasepReportFault+0x19

0018f50c 004cc6c7 0018f550 00000000 0018ff74 KERNELBASE!UnhandledExceptionFilter+0x1f1

WARNING: Stack unwind information not available. Following frames may be wrong.

0018f524 004c7451 00000000 0018f550 004c9d67 ______________+0xcc6c7

0018ff84 75da86e3 7ffde000 0018ffd4 77b79e89 ______________+0xc7451

0018ff90 77b79e89 7ffde000 675cb1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0018ffd4 77b79e5c 004c7357 7ffde000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0018ffec 00000000 004c7357 7ffde000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   1  Id: 15f0.1654 Suspend: 1 Teb: 7ffd8000 Unfrozen

ChildEBP RetAddr  Args to Child              

0280ff5c 72e718c8 00000002 0280ff7c 00000001 ntdll_77b30000!ZwWaitForMultipleObjects+0xc

0280ff84 75da86e3 00000000 0280ffd4 77b79e89 netbios!NetbiosWaiter+0x74

0280ff90 77b79e89 00000000 65c4b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0280ffd4 77b79e5c 72e71854 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0280ffec 00000000 72e71854 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   2  Id: 15f0.1658 Suspend: 1 Teb: 7ffd5000 Unfrozen

ChildEBP RetAddr  Args to Child              

0290fa88 75c5c752 00000002 0290fc34 00000001 ntdll_77b30000!ZwWaitForMultipleObjects+0xc

0290fc0c 72fa7990 00000002 00000000 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x10b

0290fd3c 72fa790b 00000298 0290fd60 0290fd64 comsvcs!WaitCoalesced+0x93

0290ff84 75da86e3 00851ca0 0290ffd4 77b79e89 comsvcs!PingThread+0xdb

0290ff90 77b79e89 00851ca0 65d4b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0290ffd4 77b79e5c 72fa783a 00851ca0 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0290ffec 00000000 72fa783a 00851ca0 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   3  Id: 15f0.1b50 Suspend: 1 Teb: 7fe9a000 Unfrozen

ChildEBP RetAddr  Args to Child              

03a1fde8 77b55fc6 000002b0 00861160 00000010 ntdll_77b30000!ZwWaitForWorkViaWorkerFactory+0xc

03a1ff84 75da86e3 00859fd0 03a1ffd4 77b79e89 ntdll_77b30000!TppWorkerThread+0x1e3

03a1ff90 77b79e89 00859fd0 64e5b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

03a1ffd4 77b79e5c 77b56b91 00859fd0 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

03a1ffec 00000000 77b56b91 00859fd0 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   4  Id: 15f0.1664 Suspend: 1 Teb: 7fe94000 Unfrozen

ChildEBP RetAddr  Args to Child              

03f1fed4 75c51129 00000494 00000000 00000000 ntdll_77b30000!ZwWaitForSingleObject+0xc

03f1ff40 75c510b4 00000000 ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x8f

03f1ff54 0040fcdd 00000494 ffffffff 0000023f KERNELBASE!WaitForSingleObject+0x12

WARNING: Stack unwind information not available. Following frames may be wrong.

03f1ff84 75da86e3 00000000 03f1ffd4 77b79e89 ______________+0xfcdd

03f1ff90 77b79e89 00000000 64b5b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

03f1ffd4 77b79e5c 0040fca9 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

03f1ffec 00000000 0040fca9 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   5  Id: 15f0.1618 Suspend: 1 Teb: 7fe91000 Unfrozen

ChildEBP RetAddr  Args to Child              

0401ff14 75c75bee 00000490 0401ff78 0401ff60 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0401ff48 00404a5b 00000490 0401ff7c 0401ff78 KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0401ff84 75da86e3 00000000 0401ffd4 77b79e89 ______________+0x4a5b

0401ff90 77b79e89 00000000 6345b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0401ffd4 77b79e5c 004049a0 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0401ffec 00000000 004049a0 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   6  Id: 15f0.1670 Suspend: 1 Teb: 7fe8e000 Unfrozen

ChildEBP RetAddr  Args to Child              

0411ff14 75c75bee 00000490 0411ff78 0411ff60 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0411ff48 00404a5b 00000490 0411ff7c 0411ff78 KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0411ff84 75da86e3 00000000 0411ffd4 77b79e89 ______________+0x4a5b

0411ff90 77b79e89 00000000 6355b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0411ffd4 77b79e5c 004049a0 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0411ffec 00000000 004049a0 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   7  Id: 15f0.1674 Suspend: 1 Teb: 7fe8b000 Unfrozen

ChildEBP RetAddr  Args to Child              

0421ff14 75c75bee 00000490 0421ff78 0421ff60 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0421ff48 00404a5b 00000490 0421ff7c 0421ff78 KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0421ff84 75da86e3 00000000 0421ffd4 77b79e89 ______________+0x4a5b

0421ff90 77b79e89 00000000 6365b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0421ffd4 77b79e5c 004049a0 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0421ffec 00000000 004049a0 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   8  Id: 15f0.1680 Suspend: 1 Teb: 7fe88000 Unfrozen

ChildEBP RetAddr  Args to Child              

0435ff14 75c75bee 00000490 0435ff78 0435ff60 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0435ff48 00404a5b 00000490 0435ff7c 0435ff78 KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0435ff84 75da86e3 00000000 0435ffd4 77b79e89 ______________+0x4a5b

0435ff90 77b79e89 00000000 6371b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0435ffd4 77b79e5c 004049a0 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0435ffec 00000000 004049a0 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

   9  Id: 15f0.1684 Suspend: 1 Teb: 7fe85000 Unfrozen

ChildEBP RetAddr  Args to Child              

0449ff14 75c75bee 00000490 0449ff78 0449ff60 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0449ff48 00404bc3 00000490 0449ff7c 0449ff78 KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0449ff84 75da86e3 00000000 0449ffd4 77b79e89 ______________+0x4bc3

0449ff90 77b79e89 00000000 630db1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0449ffd4 77b79e5c 004049a0 00000000 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0449ffec 00000000 004049a0 00000000 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  10  Id: 15f0.1608 Suspend: 1 Teb: 7fe82000 Unfrozen

ChildEBP RetAddr  Args to Child              

049dfecc 75c75bee 000004ac 049dff3c 049dff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

049dff00 733748fd 000004ac 049dff34 049dff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

049dff40 7344f1bd 007e085c 6772962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

049dff78 7344f247 00000000 049dff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

049dff84 75da86e3 007e7c00 049dffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

049dff90 77b79e89 007e7c00 63d9b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

049dffd4 77b79e5c 7344f1e3 007e7c00 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

049dffec 00000000 7344f1e3 007e7c00 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  11  Id: 15f0.1cd8 Suspend: 1 Teb: 7fe7f000 Unfrozen

ChildEBP RetAddr  Args to Child              

04b1fecc 75c75bee 000004ac 04b1ff3c 04b1ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

04b1ff00 733748fd 000004ac 04b1ff34 04b1ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

04b1ff40 7344f1bd 007e085c 675e962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

04b1ff78 7344f247 00000000 04b1ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

04b1ff84 75da86e3 007e7e20 04b1ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

04b1ff90 77b79e89 007e7e20 63f5b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

04b1ffd4 77b79e5c 7344f1e3 007e7e20 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

04b1ffec 00000000 7344f1e3 007e7e20 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  12  Id: 15f0.1694 Suspend: 1 Teb: 7fe7c000 Unfrozen

ChildEBP RetAddr  Args to Child              

04c5fecc 75c75bee 000004ac 04c5ff3c 04c5ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

04c5ff00 733748fd 000004ac 04c5ff34 04c5ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

04c5ff40 7344f1bd 007e085c 672a962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

04c5ff78 7344f247 00000000 04c5ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

04c5ff84 75da86e3 007e8040 04c5ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

04c5ff90 77b79e89 007e8040 6381b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

04c5ffd4 77b79e5c 7344f1e3 007e8040 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

04c5ffec 00000000 7344f1e3 007e8040 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  13  Id: 15f0.169c Suspend: 1 Teb: 7fe79000 Unfrozen

ChildEBP RetAddr  Args to Child              

04d9fecc 75c75bee 000004ac 04d9ff3c 04d9ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

04d9ff00 733748fd 000004ac 04d9ff34 04d9ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

04d9ff40 7344f1bd 007e085c 6736962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

04d9ff78 7344f247 00000000 04d9ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

04d9ff84 75da86e3 007e8260 04d9ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

04d9ff90 77b79e89 007e8260 639db1ef 00000000 kernel32!BaseThreadInitThunk+0xe

04d9ffd4 77b79e5c 7344f1e3 007e8260 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

04d9ffec 00000000 7344f1e3 007e8260 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  14  Id: 15f0.16a0 Suspend: 1 Teb: 7fe76000 Unfrozen

ChildEBP RetAddr  Args to Child              

04edfecc 75c75bee 000004ac 04edff3c 04edff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

04edff00 733748fd 000004ac 04edff34 04edff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

04edff40 7344f1bd 007e085c 6702962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

04edff78 7344f247 00000000 04edff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

04edff84 75da86e3 007e8480 04edffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

04edff90 77b79e89 007e8480 63a9b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

04edffd4 77b79e5c 7344f1e3 007e8480 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

04edffec 00000000 7344f1e3 007e8480 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  15  Id: 15f0.16a8 Suspend: 1 Teb: 7fe73000 Unfrozen

ChildEBP RetAddr  Args to Child              

0501fecc 75c75bee 000004ac 0501ff3c 0501ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0501ff00 733748fd 000004ac 0501ff34 0501ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0501ff40 7344f1bd 007e085c 66ee962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

0501ff78 7344f247 00000000 0501ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

0501ff84 75da86e3 007eb5d0 0501ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

0501ff90 77b79e89 007eb5d0 6245b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0501ffd4 77b79e5c 7344f1e3 007eb5d0 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0501ffec 00000000 7344f1e3 007eb5d0 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  16  Id: 15f0.16ac Suspend: 1 Teb: 7fe70000 Unfrozen

ChildEBP RetAddr  Args to Child              

0515fecc 75c75bee 000004ac 0515ff3c 0515ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0515ff00 733748fd 000004ac 0515ff34 0515ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0515ff40 7344f1bd 007e085c 66fa962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

0515ff78 7344f247 00000000 0515ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

0515ff84 75da86e3 007ec2e0 0515ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

0515ff90 77b79e89 007ec2e0 6251b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0515ffd4 77b79e5c 7344f1e3 007ec2e0 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0515ffec 00000000 7344f1e3 007ec2e0 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  17  Id: 15f0.16b0 Suspend: 1 Teb: 7fe6d000 Unfrozen

ChildEBP RetAddr  Args to Child              

0529fecc 75c75bee 000004ac 0529ff3c 0529ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0529ff00 733748fd 000004ac 0529ff34 0529ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0529ff40 7344f1bd 007e085c 66c6962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

0529ff78 7344f247 00000000 0529ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

0529ff84 75da86e3 007ec508 0529ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

0529ff90 77b79e89 007ec508 626db1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0529ffd4 77b79e5c 7344f1e3 007ec508 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0529ffec 00000000 7344f1e3 007ec508 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  18  Id: 15f0.16b4 Suspend: 1 Teb: 7fe6a000 Unfrozen

ChildEBP RetAddr  Args to Child              

053dfecc 75c75bee 000004ac 053dff3c 053dff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

053dff00 733748fd 000004ac 053dff34 053dff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

053dff40 7344f1bd 007e085c 66d2962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

053dff78 7344f247 00000000 053dff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

053dff84 75da86e3 007eb818 053dffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

053dff90 77b79e89 007eb818 6279b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

053dffd4 77b79e5c 7344f1e3 007eb818 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

053dffec 00000000 7344f1e3 007eb818 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  19  Id: 15f0.16b8 Suspend: 1 Teb: 7fe67000 Unfrozen

ChildEBP RetAddr  Args to Child              

0551fecc 75c75bee 000004ac 0551ff3c 0551ff18 ntdll_77b30000!ZwRemoveIoCompletion+0xc

0551ff00 733748fd 000004ac 0551ff34 0551ff3c KERNELBASE!GetQueuedCompletionStatus+0x2a

WARNING: Stack unwind information not available. Following frames may be wrong.

0551ff40 7344f1bd 007e085c 66be962e 00000000 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0x718d

0551ff78 7344f247 00000000 0551ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

0551ff84 75da86e3 007ecb80 0551ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

0551ff90 77b79e89 007ecb80 6215b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0551ffd4 77b79e5c 7344f1e3 007ecb80 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0551ffec 00000000 7344f1e3 007ecb80 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b

  20  Id: 15f0.16bc Suspend: 1 Teb: 7fe64000 Unfrozen

ChildEBP RetAddr  Args to Child              

0565fea0 75c51129 000001bc 00000000 0565fee8 ntdll_77b30000!ZwWaitForSingleObject+0xc

0565ff0c 75c510b4 0565fee8 000003e8 00000000 KERNELBASE!WaitForSingleObjectEx+0x8f

0565ff20 7336a3aa 000001bc 000003e8 007ec730 KERNELBASE!WaitForSingleObject+0x12

WARNING: Stack unwind information not available. Following frames may be wrong.

0565ff40 7344f1bd 007e0be8 668a962e 00000000 HPSocket4C_SSL!HP_SSL_IsValid+0x12b6a

0565ff78 7344f247 00000000 0565ff90 75da86e3 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1a4d

0565ff84 75da86e3 007ec730 0565ffd4 77b79e89 HPSocket4C_SSL!HP_SSL_RemoveThreadLocalState+0xe1ad7

0565ff90 77b79e89 007ec730 6221b1ef 00000000 kernel32!BaseThreadInitThunk+0xe

0565ffd4 77b79e5c 7344f1e3 007ec730 ffffffff ntdll_77b30000!__RtlUserThreadStart+0x72

0565ffec 00000000 7344f1e3 007ec730 00000000 ntdll_77b30000!_RtlUserThreadStart+0x1b



求救:到底是栈溢出,还是内存越界?应该核实代码中的那类代码?


[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 0
支持
分享
最新回复 (4)
haovcf
雪    币: 34
活跃值: (101)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
(+6.00雪花)
2
你这应该是越界访问了,在创建线程的时候,检查一下创建线程和线程回调,如果没有这部分代码,就检查下dllmain函数内的代码,看哪里是否有越界,我觉得,你看能吧通用存储服务器  -  线程池版.exe的符号,以及  HPSocket4C-SSL.dll的符号加载上,看看能不能看到更详细的异常信息
2017-5-9 00:26
(+6.00雪花)
0
hzqst
雪    币: 12848
活跃值: (9147)
能力值: ( LV9,RANK:280 )
在线值:
发帖
回帖
粉丝
私信
3
HPSocket4C没记错是网吧的东西
2017-5-9 11:23
0
张来喜
雪    币: 3
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
配置好PDB路径
先!analyze  -v,确定线程是哪个
打开堆栈窗口,这一步配好源文件路径
再.ecxr      恢复堆栈,这时候堆栈窗口应该可以看到崩溃时的正确堆栈
在堆栈窗口选择显示源文件和源文件参数
最好用最新的windbg,5月份出品的,windeb10.0.15063.173版本以后的版本
如果栈没有被破坏,则一般this指针显示的内容比较正常,如果被破坏,显示的是不可访问地址,则一般是栈内溢出导致。
  ExceptionCode:  80000003    一般不是代码自己生成的dmp,而是手工导出dmp的int  3断点之类的。这时候的故障线程是不准的,搜索所有线程,找到KERNELBASE!UnhandledExceptionFilter    这类异常处理,基本上就是这个线程除了问题,然后切换到这个线程,然后再运行.ecxr,恢复堆栈,继续查找问题。
如果是new出来的溢出,则用全堆检查工具即可,这类工具较多,gflags、debug  diag、application  verifier都可以启动堆安全检查,如果是栈内溢出,则前面的工具就不够用了,如果是在自己代码之内,我知道vs开发,在debug模式的工程属性的代码生成页面启用“两者(/RTC1,等同于  /RTCsu)  (/RTC1)”,通过debug调试可以探知到栈内数组越界、字符串越界等更细致的安全检查。另外无论debug还是release版本,都可以用内存操作安全函数操作在,这样一旦越界就可以探知。例如memcpy用memcpy_s等,百度memcpy_s  c++安全函数就可以搜索到20多个安全替换函数,这才是安全之本,否则release对越界的探知能力无法覆盖栈内溢出。
2017-5-29 10:57
0
张来喜
雪    币: 3
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
对了,一般对于this或栈被破坏的dmp,一般能力的人分析可能用处不大,因为局部变量和返回栈都被破坏了,看到的很多是虚假的,所以最好的办法就是启用全堆检查,如果有debug版本,最好debug启用最好的栈检查,这样配合前面的堆检查就可以更准确的复现现场位置错误,而不是过了很久才表现出来崩溃的位置。
如果不能很好的复现,则debug  diag是监控机器人,则可以很好的监控,并在程序崩溃的时候导出dmp(最好给debug  diag配上符号文件,这样打印的log就会很准)。如果自己能够添加代码,则最好在代码里带上崩溃自动导出dmp的功能,这样才能及时形成dmp,虽然位置不准,但是在对应的线程输入.ecxr即可恢复对应堆栈。
2017-5-29 11:04
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//