史萊姆論壇 - 查看單個文章

風流瀟灑 · 2007-07-10, 04:04 PM

各位程式高手大大，以下是xp系統發生錯誤的dmp檔，我知道這算是系統類的問題，但用windbg程式來檢視dmp檔，內容就與程式語言有很大的相關性了，我對組譯反組譯、編譯語言沒有很深入的瞭解，雖然讀書時有學…忘了，但很想瞭解以下dmp檔內的訊息，請高手大大能指導我瞭解，此dmp檔反映系統的錯誤，大概是發生在那個程式的衝突？如以下有一段ERRPR_CODE

NTSTATUS)0xc0000005…這又是反映什麼訊息呢…唉，想當高除錯高手，但遇到程式言語及機械語言就掛了，煩請指導，謝謝
FAULTING_IP:
ntdll+10de3
7c930de3 663b10 cmp dx,word ptr [eax]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c930de3 (ntdll+0x00010de3)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 02990580
Attempt to read from address 02990580

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

PROCESS_NAME: kavsvc.exe

FAULTING_MODULE: 7c920000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP: 446ca255

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

READ_ADDRESS: 02990580

BUGCHECK_STR: ACCESS_VIOLATION

LAST_CONTROL_TRANSFER: from 5dd09af0 to 7c930de3

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
03427a34 5dd09af0 00b60000 00000000 00b9d978 ntdll+0x10de3
00000000 00000000 00000000 00000000 00000000 prloader+0x9af0

FOLLOWUP_IP:
prloader+9af0
5dd09af0 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: prloader+9af0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: prloader

IMAGE_NAME: prloader.dll

FAULTING_THREAD: 000004dc

STACK_COMMAND: ~43s; .ecxr ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

0:043> lmvm ntdll
start end module name
7c920000 7c9b5000 ntdll T (no symbols)
Loaded symbol image file: ntdll.dll
Image path: C:\WINDOWS\system32\ntdll.dll
Image name: ntdll.dll
Timestamp: Wed Aug 04 15:47:32 2004 (41109494)
CheckSum: 00092448
ImageSize: 00095000
File version: 5.1.2600.2180
Product version: 5.1.2600.2180
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
0:043> lmvm prloader
start end module name
5dd00000 5dd20000 prloader T (no symbols)
Loaded symbol image file: prloader.dll
Image path: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\prloader.dll
Image name: prloader.dll
Timestamp: Fri May 19 00:35:33 2006 (446CA255)
CheckSum: 00000000
ImageSize: 00020000
File version: 5.0.676.0
Product version: 5.0.676.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

2007-07-10, 04:04 PM	#1
風流瀟灑註冊會員榮譽勳章勳章總數0 UID - 273105 在線等級: 註冊日期: 2007-07-10 文章: 10 精華: 0 現金: 14 金幣資產: 14 金幣	Sorry，雖然算是系統的問題，但也與程式有很大的相關性… 各位程式高手大大，以下是xp系統發生錯誤的dmp檔，我知道這算是系統類的問題，但用windbg程式來檢視dmp檔，內容就與程式語言有很大的相關性了，我對組譯反組譯、編譯語言沒有很深入的瞭解，雖然讀書時有學…忘了，但很想瞭解以下dmp檔內的訊息，請高手大大能指導我瞭解，此dmp檔反映系統的錯誤，大概是發生在那個程式的衝突？如以下有一段ERRPR_CODENTSTATUS)0xc0000005…這又是反映什麼訊息呢…唉，想當高除錯高手，但遇到程式言語及機械語言就掛了，煩請指導，謝謝 FAULTING_IP: ntdll+10de3 7c930de3 663b10 cmp dx,word ptr [eax] EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 7c930de3 (ntdll+0x00010de3) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 02990580 Attempt to read from address 02990580 DEFAULT_BUCKET_ID: WRONG_SYMBOLS PROCESS_NAME: kavsvc.exe FAULTING_MODULE: 7c920000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 446ca255 ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx" READ_ADDRESS: 02990580 BUGCHECK_STR: ACCESS_VIOLATION LAST_CONTROL_TRANSFER: from 5dd09af0 to 7c930de3 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 03427a34 5dd09af0 00b60000 00000000 00b9d978 ntdll+0x10de3 00000000 00000000 00000000 00000000 00000000 prloader+0x9af0 FOLLOWUP_IP: prloader+9af0 5dd09af0 ?? ??? SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: prloader+9af0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: prloader IMAGE_NAME: prloader.dll FAULTING_THREAD: 000004dc STACK_COMMAND: ~43s; .ecxr ; kb BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- 0:043> lmvm ntdll start end module name 7c920000 7c9b5000 ntdll T (no symbols) Loaded symbol image file: ntdll.dll Image path: C:\WINDOWS\system32\ntdll.dll Image name: ntdll.dll Timestamp: Wed Aug 04 15:47:32 2004 (41109494) CheckSum: 00092448 ImageSize: 00095000 File version: 5.1.2600.2180 Product version: 5.1.2600.2180 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0 0:043> lmvm prloader start end module name 5dd00000 5dd20000 prloader T (no symbols) Loaded symbol image file: prloader.dll Image path: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\prloader.dll Image name: prloader.dll Timestamp: Fri May 19 00:35:33 2006 (446CA255) CheckSum: 00000000 ImageSize: 00020000 File version: 5.0.676.0 Product version: 5.0.676.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

	送花文章: 1, 收花文章: 1 篇, 收花: 3 次