简单Access Violation的异常派发,Vista/Longhorn Server
#include "windows.h"
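// Helper type for the crash study. Its only member is a user-declared
// destructor, which gives the entry point a local whose destruction can be
// observed while an exception is being dispatched and unwound.
// The `class dummy` header was missing from the listing; the name is taken
// from the out-of-line `dummy::~dummy()` definition and the `dummy d;` local.
class dummy
{
public:
    ~dummy();  // defined out of line
};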
// Destructor of the crash-study helper. It blocks on a modal message box
// with the text "aaa", so the moment the object is destroyed is visible to
// the user and appears on the call stack in the debugger.
dummy::~dummy()
{
    MessageBox(NULL, L"aaa", NULL, MB_OK);
}
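// Crash-study driver. One character read from stdin selects the scenario:
//   '2'   - call SetErrorMode(SEM_NOGPFAULTERRORBOX) first, then fault
//   '3'   - throw a C++ exception (an int) that nothing in this function catches
//   other - fall straight through to the fault
// Every path except '3' ends in the deliberate null-pointer read below, which
// raises the access violation (c0000005) whose dispatch is being studied.
int _tmain(int argc, _TCHAR* argv[])
{
    // Local with a non-trivial destructor: lets the reader observe whether and
    // when it is destroyed while the exception is dispatched and unwound.
    dummy d;

    // getchar() returns int; keeping it as int preserves EOF instead of
    // truncating it to char.
    int c = getchar();

    // SEM_NOGPFAULTERRORBOX has the value 2 used by the original listing; it
    // asks the system not to show the general-protection-fault error dialog.
    if (c == '2')
        SetErrorMode(SEM_NOGPFAULTERRORBOX);

    if (c == '3')
        throw 1;

    // INTENTIONAL FAULT: reading through a null pointer is the whole point of
    // this test program.
    int *p = 0;
    int j = *p;

    // Not reached when the read above faults. The original format string
    // ended in "/n", a typo for the newline escape.
    printf("%d\n", j);
    return 0;
}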
(ec8.978): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=7ffd4000 ecx=47c1164d edx=00496008 esi=00000000 edi=0012ff1c
eip=0042ecfa esp=0012fe2c ebp=0012ff1c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
*** WARNING: Unable to verify checksum for crashstudy.exe
*** ERROR: Module load completed but symbols could not be loaded for crashstudy.exe
crashstudy+0x2ecfa:
0042ecfa 8b08 mov ecx,dword ptr [eax] ds:0023:00000000=????????
ChildEBP RetAddr
0012fc10 77148107 ntdll!RtlDispatchException+0x3a
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> r
eax=0012ff2c ebx=0012fc28 ecx=0012fc04 edx=0012fb8c esi=0012fc28 edi=00001771
eip=77126612 esp=0012fba0 ebp=0012fc10 iopl=0 nv up ei ng nz na po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000283
ntdll!RtlDispatchException+0x3a:
77126612 8365f000 and dword ptr [ebp-10h],0 ss:0023:0012fc00=0012fb38
0:000> dt EXCEPTION_REGISTRATION_RECORD 0012ff2c
+0x000 Next : 0x0012ff78 _EXCEPTION_REGISTRATION_RECORD
+0x004 Handler : 0x0040b1a5 crashstudy!_EH_prolog3_catch+0
+0x000 Next : 0x0012ffc4 _EXCEPTION_REGISTRATION_RECORD
+0x004 Handler : 0x00402550 crashstudy!_except_handler4+0
0:000> dt EXCEPTION_REGISTRATION_RECORD 0x0012ffc4
+0x000 Next : 0xffffffff _EXCEPTION_REGISTRATION_RECORD
+0x004 Handler : 0x770fa033 ntdll!_except_handler4+0
0012ff2c: crashstudy!_EH_prolog3_catch+47 (0040b1a5)
0012ff78: crashstudy!_except_handler4+0 (00402550)
0012ffc4: ntdll!_except_handler4+0 (770fa033)
首先触发的当然就是_EH_prolog3_catch了:
ChildEBP RetAddr
0012fb60 7714827b crashstudy!_EH_prolog3_catch+0x47
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012facc 0040b015 crashstudy!FindHandler+0x336
0012fb00 00409fcd crashstudy!__InternalCxxFrameHandler+0xd9
0012fb3c 771482a9 crashstudy!__CxxFrameHandler3+0x26
0012fb60 7714827b ntdll!ExecuteHandler2+0x26
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
crashstudy!FindHandler+0x27c
0040ae4a 6a01 push 1
0040ae4c 56 push esi
0040ae4d e837f7ffff call crashstudy!__DestructExceptionObject (0040a589)
0040ae52 59 pop ecx
0040ae53 59 pop ecx
0040ae54 807dff00 cmp byte ptr [ebp-1],0
0040ae58 0f85ae000000 jne crashstudy!FindHandler+0x33e (0040af0c)
0040ae5e 8b07 mov eax,dword ptr [edi]
ChildEBP RetAddr
0012fc10 77148107 ntdll!RtlDispatchException+0x124
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> kL
ChildEBP RetAddr
0012fb3c 771482a9 crashstudy!_except_handler4
0012fb60 7714827b ntdll!ExecuteHandler2+0x26
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012fa48 7702ea1d crashstudy!__CxxUnhandledExceptionFilter
0012fad4 00402d34 kernel32!UnhandledExceptionFilter+0x137
0012faf4 004013d9 crashstudy!_XcptFilter+0x6a
0012fb00 00405280 crashstudy!__tmainCRTStartup+0x188
0012fb14 004025de crashstudy!_EH4_CallFilterFunc+0x12
0012fb3c 771482a9 crashstudy!_except_handler4+0x8e
0012fb60 7714827b ntdll!ExecuteHandler2+0x26
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012fc10 77148107 ntdll!RtlDispatchException+0xcb
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012faf8 77167323 kernel32!UnhandledExceptionFilter+0xb0
0012fb00 770fa214 ntdll!__RtlUserThreadStart+0x6f
0012fb14 770f44fc ntdll!_EH4_CallFilterFunc+0x12
0012fb3c 771482a9 ntdll!_except_handler4+0x8e
0012fb60 7714827b ntdll!ExecuteHandler2+0x26
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012ff38 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ntdll!KiUserExceptionDispatcher+0x20
77148118 59 pop ecx
77148119 6a00 push 0
7714811b 51 push ecx
7714811c 53 push ebx
7714811d e84ef2ffff call ntdll!ZwRaiseException (77147370)
77148122 83c4ec add esp,0FFFFFFECh
77148125 890424 mov dword ptr [esp],eax
77148128 c744240401000000 mov dword ptr [esp+4],1
crashstudy!_EH_prolog3_catch+47 (0040b1a5)
crashstudy!_except_handler4+0 (00402550)
ntdll!_except_handler4+0 (770fa033)
第一个handler会去查找C++的try/catch块,并析构C++对象。第二个和第三个handler有什么用还不清楚(从本文的调用栈看,两者的filter最终都调用了kernel32!UnhandledExceptionFilter)。
ChildEBP RetAddr
0012fad4 00402d34 kernel32!UnhandledExceptionFilter+0x167
0012faf4 004013d9 crashstudy!_XcptFilter+0x6a
0012fb00 00405280 crashstudy!__tmainCRTStartup+0x188
0012fb14 004025de crashstudy!_EH4_CallFilterFunc+0x12
0012fb3c 771482a9 crashstudy!_except_handler4+0x8e
0012fb60 7714827b ntdll!ExecuteHandler2+0x26
0012fc10 77148107 ntdll!ExecuteHandler+0x24
0012fc10 00401066 ntdll!KiUserExceptionDispatcher+0xf
0012ff38 004013af crashstudy!wmain+0x46
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
ChildEBP RetAddr
0012f728 7714827b crashstudy!_EH_prolog3_catch+0x47
0012faf0 004052b3 ntdll!ExecuteHandler+0x24
0012fb14 00402674 crashstudy!_EH4_GlobalUnwind+0x15
0012fb3c 771482a9 crashstudy!_except_handler4+0x124
00000000 00000000 ntdll!ExecuteHandler2+0x26
ChildEBP RetAddr
0012f348 765a0b66 ntdll!KiFastSystemCallRet
0012f34c 7658ac92 USER32!NtUserWaitMessage+0xc
0012f380 7658b8ed USER32!DialogBox2+0x202
0012f3a8 765dcc8c USER32!InternalDialogBox+0xd0
0012f448 765dd20e USER32!SoftModalMessageBox+0x69f
0012f598 765dd344 USER32!MessageBoxWorker+0x2c7
0012f5f0 765dd5c0 USER32!MessageBoxTimeoutW+0x7f
0012f610 765dd65c USER32!MessageBoxExW+0x1b
0012f62c 00401011 USER32!MessageBoxW+0x45
0012f640 0040b047 crashstudy!dummy::~dummy+0x11
0012ff38 004013af crashstudy!_NLG_Return
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x15e
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
注意看,这里看不到ntdll!KiUserExceptionDispatcher哦!原因是UnhandledExceptionFilter返回了EXCEPTION_EXECUTE_HANDLER(execute handler标志),表示找到了handler,这个时候就要准备执行handler啦。handler是什么暂且不说,在执行handler以前呢,首先是要unwind stack。
0:000> kL
ChildEBP RetAddr
0012fef0 00402846 kernel32!ExitProcess
0012fef8 00402a4b crashstudy!__crtExitProcess+0x14
0012ff30 00402a82 crashstudy!doexit+0xb5
0012ff40 004013f1 crashstudy!_exit+0xd
0012ff88 76fd1d02 crashstudy!__tmainCRTStartup+0x1a0
0012ff94 771285eb kernel32!BaseThreadInitThunk+0xe
0012ffd4 771285be ntdll!__RtlUserThreadStart+0x23
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b
// Simplified sketch (not compilable: arguments are omitted) of the SEH frame
// that the CRT startup code wraps around the program's entry point.
__try
{
// Call into the user's entry point; in the stacks above this frame is wmain.
winmain();
}
// Filter expression: in the stacks above, _XcptFilter is reached from
// __tmainCRTStartup via _except_handler4 and calls
// kernel32!UnhandledExceptionFilter.
__except ( _XcptFilter() )
{
// Runs only if the filter selects this handler; the last stack above shows
// __tmainCRTStartup reaching ExitProcess through _exit/doexit.
ExitProcess();
}
kernel32!BasepIsDebugPortPresent+0x2e "r eax=0;g"