代码如下:
#include <stdio.h>
#include <time.h>
#include <windows.h>
#include <DbgHelp.h>
#pragma comment(lib, "DbgHelp.lib")
LONG WINAPI TopLevelFilter( struct _EXCEPTION_POINTERS *pExceptionInfo )
{
LONG ret = EXCEPTION_CONTINUE_SEARCH;
time_t nowtime;
time(&nowtime);
struct tm *pTime = localtime(&nowtime);
char szFile[128] = {0};
sprintf(szFile, "c:\\%4d.%02d.%02d_%02d.%02d.%02d.dmp", pTime->tm_year+1900, pTime->tm_mon+1, pTime->tm_mday, pTime->tm_hour, pTime->tm_min, pTime->tm_sec);
HANDLE hFile = ::CreateFile(szFile, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile != INVALID_HANDLE_VALUE)
{
MINIDUMP_EXCEPTION_INFORMATION ExInfo;
ExInfo.ThreadId = ::GetCurrentThreadId();
ExInfo.ExceptionPointers = pExceptionInfo;
ExInfo.ClientPointers = NULL;
// write the dump
BOOL bOK = MiniDumpWriteDump( GetCurrentProcess(), GetCurrentProcessId(), hFile, MiniDumpNormal, &ExInfo, NULL, NULL );
ret = EXCEPTION_EXECUTE_HANDLER;
::CloseHandle(hFile);
}
return ret;
}
void ExpTest5() { char *p = NULL; p[0] = 0; }
void ExpTest4() { ExpTest5(); }
void ExpTest3() { ExpTest4(); }
void ExpTest2() { ExpTest3(); }
void ExpTest1() { ExpTest2(); }
void TestExceptionWalking() { ExpTest1(); }
int main()
{
::SetUnhandledExceptionFilter(TopLevelFilter);
TestExceptionWalking();
return 0;
}
vs2008编译,debug版,默认配置
用windbg打开生成的dump文件后,正确加载符号后用kb命令只能看到如下的栈:
0:000> lm
start end module name
00400000 00474000 Crash C (private pdb symbols) d:\temp\Crash\debug\Crash.pdb
68d60000 68e01000 dbghelp (pdb symbols) e:\symbols\dll\dbghelp.pdb
76bc0000 76bcb000 psapi (pdb symbols) e:\symbols\dll\psapi.pdb
76d70000 76d92000 apphelp (pdb symbols) e:\symbols\dll\apphelp.pdb
77bd0000 77bd8000 version (pdb symbols) e:\symbols\dll\version.pdb
77be0000 77c38000 msvcrt (pdb symbols) e:\symbols\dll\msvcrt.pdb
77da0000 77e49000 advapi32 (pdb symbols) e:\symbols\dll\advapi32.pdb
77e50000 77ee2000 rpcrt4 (pdb symbols) e:\symbols\dll\rpcrt4.pdb
77fc0000 77fd1000 secur32 (pdb symbols) e:\symbols\dll\secur32.pdb
7c800000 7c91e000 kernel32 (pdb symbols) e:\symbols\dll\kernel32.pdb
7c920000 7c9b3000 ntdll (pdb symbols) e:\symbols\dll\ntdll.pdb
0:000> kb
ChildEBP RetAddr Args to Child
0012ef8c 7c92d16c 00000000 0012efe8 000f0005 ntdll!KiFastSystemCallRet
0012efc0 7c92d50c 7c80b981 00000000 ffffffff ntdll!ZwCreateSection+0xc
0012f01c 7c92cfdc 7c809c1b 0000005c 0012f170 ntdll!ZwMapViewOfSection+0xc
0012f0fc 68d8ee61 005a00e0 005a0000 00004dec ntdll!ZwClose+0xc
0012f110 68d8eebd 005a00e0 005a0000 00004dec dbghelp!GenAddressInSectionTable+0x13
0012f124 68d8ef5f 005a0000 00000000 00000006 dbghelp!GenImageDirectoryEntryToData32+0x3d
0012f144 68d8bf5a 005a0000 00000000 00000006 dbghelp!GenImageDirectoryEntryToData+0x3c
0012f168 7c80ba18 ffffffff 005a0000 00000000 dbghelp!GenGetDebugRecord+0x1c
7c92defc 00010cb8 0300ba00 12ff7ffe 900008c2 kernel32!UnmapViewOfFile+0x14
WARNING: Frame IP not in any known module. Following frames may be wrong.
7c92df04 12ff7ffe 900008c2 00010db8 0300ba00 0x10cb8
7c92df08 900008c2 00010db8 0300ba00 12ff7ffe 0x12ff7ffe
7c92df0c 00010db8 0300ba00 12ff7ffe 900010c2 0x900008c2
7c92df10 0300ba00 12ff7ffe 900010c2 00010eb8 0x10db8
7c92df14 12ff7ffe 900010c2 00010eb8 0300ba00 0x300ba00
7c92df18 900010c2 00010eb8 0300ba00 12ff7ffe 0x12ff7ffe
7c92df1c 00010eb8 0300ba00 12ff7ffe 900014c2 0x900010c2
7c92df20 0300ba00 12ff7ffe 900014c2 00010fb8 0x10eb8
7c92df24 12ff7ffe 900014c2 00010fb8 0300ba00 0x300ba00
7c92df28 900014c2 00010fb8 0300ba00 12ff7ffe 0x12ff7ffe
7c92df2c 00010fb8 0300ba00 12ff7ffe 90000cc2 0x900014c2
无法看到Kernel32! UnhandledExceptionFilter 之类的栈
请问是我的dump文件生成的有问题还是windbg使用的有问题?
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
