
The TranslateMessage() API in user32.dll throws an exception. When I try to analyze the exception with !analyze -v in a windbg command, I get the following. Can anyone help me decode the error?

FAULTING_IP: 
+0
ffffffff`e85b6720 ??              ???

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: ffffffffe85b6720
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: ffffffffe85b6720
Attempt to execute non-executable address ffffffffe85b6720

FAULTING_THREAD:  000000000000642c

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  CapGM.exe

ADDITIONAL_DEBUG_TEXT:  
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

MODULE_NAME: mfc100u

FAULTING_MODULE: 0000000077720000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  4df2cfdb

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  ffffffffe85b6720

WRITE_ADDRESS:  ffffffffe85b6720 

FOLLOWUP_IP: 
mfc100u+2745a8
00000000`74eb45a8 488bf0          mov     rsi,rax

FAILED_INSTRUCTION_ADDRESS: 
+2745a8
ffffffff`e85b6720 ??              ???

APP:  capgm.exe

IP_ON_HEAP:  ffffffffe85b6720
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from 0000000077519bd1 to ffffffffe85b6720

STACK_TEXT:  
00000000`003bbb68 00000000`77519bd1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`775172cb : 0xffffffff`e85b6720
00000000`003bbb70 00000000`775172cb : 00000000`00000000 ffffffff`e85b6720 00000000`00000000 00000000`00000000 : USER32!TranslateMessageEx+0x2a1
00000000`003bbc30 00000000`77516829 : 00000000`00000000 00000000`003bbd78 000007fe`ecfede14 00000018`000000c8 : USER32!SetWindowTextW+0x277
00000000`003bbc90 00000000`777711f5 : 00000000`00000000 000007fe`ecfb0000 00000000`000003e9 00000000`0055055c : USER32!IsDialogMessageW+0x169
00000000`003bbcf0 00000000`7751041a : 00000000`77510397 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 : ntdll!KiUserCallbackDispatcher+0x1f
00000000`003bbd78 00000000`77510397 : 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 00000000`003bc1a8 : USER32!SendMessageTimeoutW+0x95a
00000000`003bbd80 00000000`775105d8 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`56000000 : USER32!SendMessageTimeoutW+0x8d7
00000000`003bc0f0 00000000`77510880 : 00000000`00000148 00000000`56000000 00000000`003bc3d9 00000000`74f0c6b0 : USER32!SendMessageTimeoutW+0xb18
00000000`003bc240 00000000`74eb45a8 : 00000000`00582960 00000000`00000000 00000000`00000320 00000000`00900000 : USER32!CreateWindowExW+0x70
00000000`003bc2c0 00000000`74eac377 : 00000000`0c07e510 00000000`0c07e510 00000000`00000000 00000000`00900000 : mfc100u+0x2745a8
00000000`003bc340 00000000`74eac4b6 : 00000000`0055055c 00000000`0c07e510 00000000`56000000 00000000`00000318 : mfc100u+0x26c377
00000000`003bc400 000007fe`e8ba1316 : 00000000`00000000 00000000`003be330 00000000`0bee1a80 00000000`0c07e510 : mfc100u+0x26c4b6
00000000`003bc470 000007fe`ecfdaab6 : ffffffff`ffffffff 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : FrontEnd!FrontWindowFactory<dFrontWindow>::create+0x136

I understand that TranslateMessage is trying to access some bad address, but how do I fix it?


2 Answers


The problem is fixed. The error was in SetWindowLongPtr(). This is the 64-bit variant of SetWindowLong(). Though the function was changed, the value it wrote was still captured in a long variable. Changing it to LONG_PTR fixed the issue. Now the address does not get truncated and the corresponding user routine gets called.

Thanks for everyone's help :)

Answered 2014-04-02T01:59:03.330
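The truncation described in the accepted answer can be reproduced without any Windows headers. This is an added example, not code from the poster: int32_t stands in for the 32-bit `long` of 64-bit Windows and int64_t for LONG_PTR, and the original pointer value 0x000007fee85b6720 is an assumption (the 0x000007fe prefix is taken from the other 64-bit module addresses in the stack trace, the low half from the faulting address). It shows that a pointer squeezed through a `long` and sign-extended back comes out as exactly the faulting address 0xffffffffe85b6720, that the LONG_PTR path preserves it, and how to flag that address pattern when triaging a dump.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* On 64-bit Windows (LLP64) `long` is 32 bits while LONG_PTR is pointer-sized.
 * These typedefs model that so the example compiles on any platform. */
typedef int32_t win_long;      /* stands in for Windows `long`     */
typedef int64_t win_long_ptr;  /* stands in for Windows `LONG_PTR` */

/* The bug: the pointer-sized value SetWindowLongPtr() hands back (here, the
 * previous window procedure) is parked in a 32-bit long and later cast back. */
uint64_t round_trip_through_long(uint64_t original)
{
    win_long stored = (win_long)original;      /* upper 32 bits discarded (MSVC/gcc wrap modulo 2^32) */
    win_long_ptr back = (win_long_ptr)stored;  /* sign-extended: bit 31 set -> 0xffffffff in the top half */
    return (uint64_t)back;
}

/* The fix: keep the value in a pointer-sized LONG_PTR; nothing is lost. */
uint64_t round_trip_through_long_ptr(uint64_t original)
{
    win_long_ptr stored = (win_long_ptr)original;
    return (uint64_t)stored;
}

/* Triage check for a crash address: top 32 bits all ones with bit 31 set is
 * the classic signature of a pointer that went through a signed 32-bit
 * integer and was sign-extended back, as in the !analyze output above. */
bool looks_like_sign_extended_pointer(uint64_t addr)
{
    return (addr >> 32) == 0xffffffffULL && (addr & 0x80000000ULL) != 0;
}

int main(void)
{
    /* Constructed value (assumption): a plausible 64-bit window procedure address. */
    uint64_t wndproc = 0x000007fee85b6720ULL;
    printf("original      %016llx\n", (unsigned long long)wndproc);
    printf("via long      %016llx\n", (unsigned long long)round_trip_through_long(wndproc));
    printf("via LONG_PTR  %016llx\n", (unsigned long long)round_trip_through_long_ptr(wndproc));
    printf("faulting address looks truncated: %s\n",
           looks_like_sign_extended_pointer(0xffffffffe85b6720ULL) ? "yes" : "no");
    return 0;
}
```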

As others mentioned above, the first thing to do is get the correct symbols.

Microsoft publishes public symbols for its Windows binaries. That will give a much better picture of what went wrong.

Now, looking at the !analyze output you shared and the signature of TranslateMessage:

BOOL WINAPI TranslateMessage( _In_ const MSG *lpMsg );

My best guess is that you did not validate that lpMsg is a genuine input. Can you paste the input that was passed in?

As a general rule of thumb, public APIs that have been around for a while are well tested. So if something goes wrong there, it is best to check what input our program is passing to it :)

Answered 2014-03-28T05:01:52.160