Printed Exception strings - what do all those flags mean?(转)
Printed Exception strings - what do all those flags mean?
软件调试 2008-09-26 17:10:21 阅读704 评论1 字号:大中小
http://realchecko.blogspot.com/2007/06/printed-exception-string.html
http://blogs.msdn.com/hopperx/archive/2005/06/29/433842.aspx
Printed Exception strings - what do all those flags mean?
Data Abort: Thread=9352cc9c Proc=90876ea0 'shell32.exe'
AKY=00000005 PC=03f74680(coredll.dll+0x00014680) RA=03257104(aygshell.dll+0x00037104) BVA=060000e0 FSR=00000007
AKY à "Access Key"
Process slot bitmask corresponding to the processes the excepting thread has access to. For example, the above exception is 0x00000005, which corresponds to:
(Hint: the following was copied from Platform Builder window: View à Debug Windows à Processes)
Name VMBase AccessKey TrustLevel hProcess
btstereoappui.exe 0x1A000000 0x00001000 Full 0xB30E2766
connmgr.exe 0x16000000 0x00000400 Full 0x5311091E
cprog.exe 0x1C000000 0x00002000 Full 0xF3030772
device.exe 0x0A000000 0x00000010 Full 0xB3CEC78E
filesys.exe 0x04000000 0x00000002 Full 0x13EEE762
gwes.exe 0x0C000000 0x00000020 Full 0x737A498A
nk.exe 0xC2000000 0x00000001 Full 0x13EFF002
pmsnserver.exe 0x10000000 0x00000080 Full 0x5333CD86
poutlook.exe 0x14000000 0x00000200 Full 0xD308FA02
sddaemon.exe 0x12000000 0x00000100 Full 0x7314C62A
services.exe 0x0E000000 0x00000040 Full 0x7352CFAA
shell.exe 0x08000000 0x00000008 Full 0xD3CD7A82
shell32.exe 0x06000000 0x00000004 Full 0xD352CEDE
srvtrust.exe 0x18000000 0x00000800 Full 0x33105BCA
PC à "Program Counter"
Represents the current line of instruction. On ARM platforms, this is the current value of the PC register and EIP (Instruction Pointer) on x86 platforms. If symbols are available, the exception handler will attempt to provide an offset line into the DLL that caused the exception. In the example above we can find the (fixed up, closest instruction but not over) instruction offset 0x14680 in the coredll.map for the offending instruction. In this case:
(Hint: the following was copied and pasted from the coredll.map text file found in the image release directory.)
0001:00013638 GetWindowLongW 10014638 f coredll_ALL:twinuser.obj
0001:00013648 BeginPaint 10014648 f coredll_ALL:twinuser.obj
0001:000136cc EndPaint 100146cc f coredll_ALL:twinuser.obj
0001:00013750 GetDC 10014750 f coredll_ALL:twinuser.obj
0001:000137d4 ReleaseDC 100147d4 f coredll_ALL:twinuser.obj
0001:00013858 GetParent 10014858 f coredll_ALL:twinuser.obj
Subtract the function base address above from the remainder reported in the exception handler to find the exact instruction that caused the exception.
RA à "Return Address"
Pointer to the instruction address of the function that called the current function. Had the current function NOT caused an exception, this is where we would return to. The same symbol logic used to resolve function addresses in PC can be used to resolve RA. ARM platforms store this value in LR register and since our example above has a RA= 0x03257104 It should have jumped here:
(Hint: the following disassembler output was copied and pasted from the Platform Builder disassembly window found either by right-clicking on the current source file or Window à Disassembly.)
…
032570FC add r1, sp, #0x30
03257100 bl |BeginPaint (0325aee0)| < Exception caused in here
03257104 ldr lr, [sp, #0x44] < Would have returned here
03257108 ldr r3, [sp, #0x38]
0325710C ldr r2, [sp, #0x3C]
…
ARM, like most platforms manages function Return Addresses on the local stack which allows for nested functions and recursion. Unfortunately this can also lead to problems if the stack somehow gets corrupted – not only do you lose the values stored in the stack, but you are at risk of losing your place and the processor won’t know where to resume execution. A good indicator this has happened is when your PC == LR.
BVA à "Base Virtual Address"
The contents of BVA depend on the type of exception found. If the exception is a Prefetch Abort, the value points directly to the PC register (execution point). If the exception is a Data Abort, then this value points to why the exception was caused. It is a combination of the Virtual Memory base of the module found plus the value that caused the exception. This is easiest to explain through some examples, starting with our original exception BVA=060000e0 which represents:
Processes: (Hint: the following was copied from Platform Builder window: View à Debug Windows à Processes)
Name VMBase AccessKey TrustLevel hProcess
…
shell.exe 0x08000000 0x00000008 Full 0xD3CD7A82
shell32.exe 0x06000000 0x00000004 Full 0xD352CEDE
srvtrust.exe 0x18000000 0x00000800 Full 0x33105BCA
…
Registers: (Hint: the following was copied from Platform Builder window: View à Debug Windows à Registers)
…
R2 = 0000000F
R3 = 00000000
R4 = 0000000F
…
Disassembly: (Hint: the following disassembler output was copied and pasted from the Platform Builder disassembly window found either by right-clicking on the current source file or Window à Disassembly.)
03F7467C ldr r3, [r3]
03F74680 ldr r3, [r3, #0xE0] <<< Exception here, invalid pointer.
03F74684 mov lr, pc
03F74688 bx r3
This line of execution is trying to store the contents of Register 3 into the memory address located at Register 3 + 0xE0 in the context of Shell32.exe (invalid in this case):
R3 + 0xE0 + VMBase(shell32.exe) == 0x060000E0
An additional BVA example in ossvcs.dll:
(Hint: the following was copied from Platform Builder Output window)
Data Abort: Thread=92f44574 Proc=90876ea0 'shell32.exe'
AKY=ffffffff PC=02e320c8(ossvcs.dll+0x000320c8) RA=02e0f524(ossvcs.dll+0x0000f524) BVA=07ece200 FSR=00000007
Registers: (Hint: the following was copied from Platform Builder window: View à Debug Windows à Registers)
…
R8 = 00000000 R9 = 00000000
R10 = 01F31AD0 R11 = 1C05E918
R12 = 01ECE200 Sp = 1C05E500
Lr = 02E0F524 Pc = 02E320C8
…
Disassembly: (Hint: the following disassembler output was copied and pasted from the Platform Builder disassembly window found either by right-clicking on the current source file or Window à Disassembly.)
CeGetCurrentTrust:
02E320C4 ldr r12, [pc, #4]
02E320C8 ldr r12, [r12] <<< Exception here, invalid pointer.
02E320CC bx r12
02E320D0 ???
The line of execution is trying to store Register 12 at the value pointed at in Register 12 in the context of Shell32 (which happens to be invalid).
R12 + VMBase(shell32.exe) == 0x07ece200
FSR à "Fault Status Register"
The FSR represents several flags that will help you understand the nature of your exception. For ARM devices the following flags can be set:
#define FSR_ALIGNMENT 0x01 |
|
#define FSR_PAGE_ERROR 0x02 |
|
#define FSR_TRANSLATION 0x05 |
|
#define FSR_DOMAIN_ERROR 0x09 |
|
#define FSR_PERMISSION 0x0D |
So, taking our example above, we have:
FSR=00000007 == FSR_PAGE_ERROR | FSR_TRANSLATION
转载于:https://www.cnblogs.com/gmh915/archive/2010/07/19/1945411.html
Printed Exception strings - what do all those flags mean?(转)相关推荐
- python充电时刻
十章.充电时刻 python安装包里包含一组模块,标准库(standard library).本章就重点讲讲这些标准库. 10.1模块 import从外部模块引入函数. >>> im ...
- GetLastError() 返回值一览
函数原型: DWORD GetLastError() 中文版(不完全) [0]-操作成功完成. [1]-功能错误. [2]-系统找不到指定的文件. [3]-系统找不到指定的路径. [4]-系统无法打开 ...
- python 异常处理_异常处理 — Python 3.7.9 文档
异常处理¶ The functions described in this chapter will let you handle and raise Python exceptions. It is ...
- ffmpeg的API函数变化记录
最近在搞ffmpeg的时候发现下面函数出错: tutor.o: In function \`our_get_buffer\': tutor.c:530: undefined reference to ...
- java 布尔表达式_java - 布尔值,条件运算符和自动装箱
java - 布尔值,条件运算符和自动装箱 为什么抛出false public static void main(String[] args) throws Exception { Boolean b ...
- 使用DPAPI加密或解密你的数据
对于小量数据的加密,我们可以使用DPAPI,对称密钥,非对称密钥等. 对于大量数据的加密,非对称密钥加密不仅麻烦,而且速度也很慢,同时还要对公钥和密钥进行保密. 使用对称密钥,速度是相当快的,但仍然要 ...
- mcq 队列_MCQ | 8086微处理器中的字符串操作指令
mcq 队列 Question 1: 问题1: A string is a collection of characters. Each Character is an of byte length ...
- 追根溯源:EntityFramework 实体的状态变化
阅读目录: 1. 应用场景 2. 场景测试 3. 问题分析 4. 追根溯源 5. 简要总结 1. 应用场景 首先,应用程序使用 EntityFramework,应用场景中有两个实体 S_Class(班 ...
- c 数组上限_高级I/O复用技术:Epoll的使用及一个完整的C实例含代码
高性能的网络服务器需要同时并发处理大量的客户端,而采用以前的那种对每个连接使用一个分开的线程或进程方法效率不高,因为处理大量客户端的时候,资源的使用及进程上下文的切换将会影响服务器的性能.一个可替代的 ...
最新文章
- 多级页表如何节省内存
- java培训有哪些收费标准
- ProGit-读书简记
- CSAPP实验二进制炸弹
- matlab常用的代码,matlab常用代码
- 程序员如何一键“Get”高清壁纸?
- 说一下你对多态的理解?_如何去理解java中的多态?从jvm角度分析也许让你更清晰...
- 【转】Android游戏框架AndEngine使用入门
- thinkphp验证码点击更换js实现
- java参数化查询_【转】参数化查询为什么能够防止SQL注入
- linux 将文件打包、压缩并分割成制定大小
- Scala中fold()操作和reduce()操作的区别
- 【美化桌面】删除电脑桌面快捷键箭头
- BZOJ 4987 (树形DP)
- 深度学习与自然语言处理(5)_斯坦福cs224d 大作业测验2与解答
- 计算机基础知识文件的复制移动,如何复制文件
- 医疗器械——与研发有关的法律法规和标准——共勉
- iphone 微信打开H5自动播放音乐问题
- java面向对象一些基本练习题6
- L2-1 拯救007(升级版)