利用WinDbg找出程序崩溃的代码行号

之前碰到论坛里有几个好友，说程序不时的崩溃，什么xxoo不能read的！

如果光要是这个内存地址，估计你会疯掉~~

所以分享一下基本的调试技巧，需要准备的工具有WinDbg + VC6.0，

下面是自己整理的一份自动生成DUMP文件的源代码，只需要添加到工程即可，源代码如下：

MiniDump.h
MiniDump.cpp

<具体请参考附件SRC中，太大就不贴了>

1、在CXXDlg::OnInitDialog()中添加这样一段：

1. BOOL CTestDlg::OnInitDialog()
   
2. {
   
3.         CDialog::OnInitDialog();
   
4.    
   
5.         // ......
   
6.         SetUnhandledExceptionFilter(CrashReportEx);
   
7.         HMODULE        hKernel32;
   
8. 
   
9.         // Try to get MiniDumpWriteDump() address.
   
10.         hDbgHelp = LoadLibrary("DBGHELP.DLL");
    
11.         MiniDumpWriteDump_ = (MINIDUMP_WRITE_DUMP)GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
    
12.         //        d("hDbgHelp=%X, MiniDumpWriteDump_=%X", hDbgHelp, MiniDumpWriteDump_);
    
13.        
    
14.         // Try to get Tool Help library functions.
    
15.         hKernel32 = GetModuleHandle("KERNEL32");
    
16.         CreateToolhelp32Snapshot_ = (CREATE_TOOL_HELP32_SNAPSHOT)GetProcAddress(hKernel32, "CreateToolhelp32Snapshot");
    
17.         Module32First_ = (MODULE32_FIRST)GetProcAddress(hKernel32, "Module32First");
    
18.         Module32Next_ = (MODULE32_NEST)GetProcAddress(hKernel32, "Module32Next");
    
19. }

复制代码

下面是工程中的测试代码：

1. class CTestDlg : public CDialog
   
2. {
   
3. // Construction
   
4. public:
   
5.         CTestDlg(CWnd* pParent = NULL);        // standard constructor
   
6. 
   
7.         void Fun1(char *pszBuffer);
   
8.         void Fun2(char *pszBuffer);
   
9.         void Fun3(char *pszBuffer);
   
10. };

复制代码

1. void CTestDlg::Fun1(char *pszBuffer)
   
2. {
   
3.         Fun2(pszBuffer);
   
4. }
   
5. 
   
6. void CTestDlg::Fun2(char *pszBuffer)
   
7. {
   
8.         Fun3(pszBuffer);
   
9. }
   
10. 
    
11. void CTestDlg::Fun3(char *pszBuffer)
    
12. {
    
13.         pszBuffer[1] = 0x00;
    
14. }

复制代码

我们在双击确定按钮时的响应代码如下：

1. void CTestDlg::OnOK()
   
2. {
   
3.         // TODO: Add extra validation here
   
4.         Fun1(NULL);
   
5. }

复制代码

2、设置VC编译选项，勾选生成MAP和Debug Info、Progma Datebase:

2011-9-5 09:19 上传

下载附件 (55.12 KB)

2012-5-29 16:03 上传

下载附件 (82.96 KB)

3、将编译生成的Release目录中的pdb、map文件保存起来，以后调试会用到：

2011-9-5 09:19 上传

下载附件 (9.85 KB)

4、运行程序，单击确定按钮出现异常后自动重启，并创建一个Log文件夹，里面生成dump文件:

2011-9-5 09:19 上传

下载附件 (8.92 KB)

5、我们打开WinDbg，设置一下相关路径
    A、设置pdb路径（File \ Symbol File Path）
   

2012-5-29 16:06 上传

下载附件 (12.4 KB)

    B、设置源代码路径( File \ Source File Path )
   

2012-5-29 16:06 上传

下载附件 (11.05 KB)

    C、设置Exe路径( File \ Image File Path )
   

2012-5-29 16:06 上传

下载附件 (12.84 KB)

6、用WiinDbg打开dump文件（File \ Open Crash Dump）

2011-9-5 09:19 上传

下载附件 (112.02 KB)

7、输入命令!analyze -v，等待几秒后会打印出错误信息，函数调用栈如下图：

1. 
   
2. Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
   
3. Copyright (c) Microsoft Corporation. All rights reserved.
   
4. 
   
5. 
   
6. Loading Dump File [C:\Test\Release\Log\2012-05-29 160059.dmp]
   
7. User Mini Dump File: Only registers, stack and portions of memory are available
   
8. 
   
9. Symbol search path is: C:\Test\Release
   
10. Executable search path is: C:\Test\Release
    
11. Windows XP Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible
    
12. Product: WinNt, suite: SingleUserTS
    
13. Machine Name:
    
14. Debug session time: Tue May 29 16:00:59.000 2012 (GMT+8)
    
15. System Uptime: not available
    
16. Process Uptime: 0 days 0:00:01.000
    
17. ...................................
    
18. This dump file has an exception of interest stored in it.
    
19. The stored exception information can be accessed via .ecxr.
    
20. (1710.1450): Access violation - code c0000005 (first/second chance not available)
    
21. eax=00a80000 ebx=00157ea8 ecx=00000007 edx=7c92e514 esi=00157e80 edi=00157ed8
    
22. eip=7c92e514 esp=0012e830 ebp=0012e840 iopl=0         nv up ei pl zr na pe nc
    
23. cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    
24. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
    
25. ntdll!KiFastSystemCallRet:
    
26. 7c92e514 c3              ret
    
27. 0:000> !analyze -v
    
28. *******************************************************************************
    
29. *                                                                             *
    
30. *                        Exception Analysis                                   *
    
31. *                                                                             *
    
32. *******************************************************************************
    
33. 
    
34. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for mfc42.dll -
    
35. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for user32.dll -
    
36. ***** OS symbols are WRONG. Please fix symbols to do analysis.
    
37. 
    
38. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll -
    
39. *************************************************************************
    
40. ***                                                                   ***
    
41. ***                                                                   ***
    
42. ***    Your debugger is not using the correct symbols                 ***
    
43. ***                                                                   ***
    
44. ***    In order for this command to work properly, your symbol path   ***
    
45. ***    must point to .pdb files that have full type information.      ***
    
46. ***                                                                   ***
    
47. ***    Certain .pdb files (such as the public OS symbols) do not      ***
    
48. ***    contain the required information.  Contact the group that      ***
    
49. ***    provided you with these symbols if you need this command to    ***
    
50. ***    work.                                                          ***
    
51. ***                                                                   ***
    
52. ***    Type referenced: IMAGE_NT_HEADERS32                            ***
    
53. ***                                                                   ***
    
54. *************************************************************************
    
55. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ole32.dll -
    
56. *** ERROR: Symbol file could not be found.  Defaulted to export symbols for advapi32.dll -
    
57. *************************************************************************
    
58. ***                                                                   ***
    
59. ***                                                                   ***
    
60. ***    Your debugger is not using the correct symbols                 ***
    
61. ***                                                                   ***
    
62. ***    In order for this command to work properly, your symbol path   ***
    
63. ***    must point to .pdb files that have full type information.      ***
    
64. ***                                                                   ***
    
65. ***    Certain .pdb files (such as the public OS symbols) do not      ***
    
66. ***    contain the required information.  Contact the group that      ***
    
67. ***    provided you with these symbols if you need this command to    ***
    
68. ***    work.                                                          ***
    
69. ***                                                                   ***
    
70. ***    Type referenced: kernel32!pNlsUserInfo                         ***
    
71. ***                                                                   ***
    
72. *************************************************************************
    
73. *************************************************************************
    
74. ***                                                                   ***
    
75. ***                                                                   ***
    
76. ***    Your debugger is not using the correct symbols                 ***
    
77. ***                                                                   ***
    
78. ***    In order for this command to work properly, your symbol path   ***
    
79. ***    must point to .pdb files that have full type information.      ***
    
80. ***                                                                   ***
    
81. ***    Certain .pdb files (such as the public OS symbols) do not      ***
    
82. ***    contain the required information.  Contact the group that      ***
    
83. ***    provided you with these symbols if you need this command to    ***
    
84. ***    work.                                                          ***
    
85. ***                                                                   ***
    
86. ***    Type referenced: kernel32!pNlsUserInfo                         ***
    
87. ***                                                                   ***
    
88. *************************************************************************
    
89. 
    
90. FAULTING_IP:
    
91. Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
    
92. 00401ca6 c6400100        mov     byte ptr [eax+1],0
    
93. 
    
94. EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    
95. ExceptionAddress: 00401ca6 (Test!CTestDlg::Fun3+0x00000006)
    
96.    ExceptionCode: c0000005 (Access violation)
    
97.   ExceptionFlags: 00000000
    
98. NumberParameters: 2
    
99.    Parameter[0]: 00000001
    
100.    Parameter[1]: 00000001
     
101. Attempt to write to address 00000001
     
102. 
     
103. PROCESS_NAME:  Test.exe
     
104. 
     
105. ADDITIONAL_DEBUG_TEXT: 
     
106. Use '!findthebuild' command to search for the target build information.
     
107. If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
     
108. 
     
109. MODULE_NAME: Test
     
110. 
     
111. FAULTING_MODULE: 7c920000 ntdll
     
112. 
     
113. DEBUG_FLR_IMAGE_TIMESTAMP:  4fc48236
     
114. 
     
115. ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
     
116. 
     
117. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"
     
118. 
     
119. EXCEPTION_PARAMETER1:  00000001
     
120. 
     
121. EXCEPTION_PARAMETER2:  00000001
     
122. 
     
123. WRITE_ADDRESS:  00000001
     
124. 
     
125. FOLLOWUP_IP:
     
126. Test!CTestDlg::Fun3+6 [C:\Test\TestDlg.cpp @ 141]
     
127. 00401ca6 c6400100        mov     byte ptr [eax+1],0
     
128. 
     
129. FAULTING_THREAD:  00001450
     
130. 
     
131. BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_WRONG_SYMBOLS
     
132. 
     
133. PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE
     
134. 
     
135. DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
     
136. 
     
137. LAST_CONTROL_TRANSFER:  from 00401c9c to 00401ca6
     
138. 
     
139. STACK_TEXT: 
     
140. 0012f89c 00401c9c 00000000 0012f8b4 00401c8c Test!CTestDlg::Fun3+0x6 [C:\Test\TestDlg.cpp @ 141]
     
141. 0012f8a8 00401c8c 00000000 0012f8cc 00401f27 Test!CTestDlg::Fun2+0xc [C:\Test\TestDlg.cpp @ 137]
     
142. 0012f8b4 00401f27 00000000 73d323eb 73dcf07c Test!CTestDlg::Fun1+0xc [C:\Test\TestDlg.cpp @ 132]
     
143. 0012f8bc 73d323eb 73dcf07c 00000111 0012f8fc Test!CTestDlg::OnOK+0x7 [C:\Test\TestDlg.cpp @ 242]
     
144. WARNING: Stack unwind information not available. Following frames may be wrong.
     
145. 0012f8cc 73d322fd 0012fe94 00000001 00000000 mfc42!Ordinal567+0xa2
     
146. 0012f8fc 73d976e5 00000001 00000000 00000000 mfc42!Ordinal4424+0x108
     
147. 0012f920 73d33094 00000001 00000000 00000000 mfc42!Ordinal4431+0x1b
     
148. 0012f970 73d31b58 00000000 0014120e 0012fe94 mfc42!Ordinal4441+0x51
     
149. 0012f9f0 73d31b07 00000111 00000001 0014120e mfc42!Ordinal5163+0x2f
     
150. 0012fa10 73d31a78 00000111 00000001 0014120e mfc42!Ordinal6374+0x22
     
151. 0012fa70 73d319d0 0012fe94 00000000 00000111 mfc42!Ordinal1109+0x91
     
152. 0012fa90 73dbe47c 0018124c 00000111 00000001 mfc42!Ordinal1578+0x34
     
153. 0012fabc 77d18734 0018124c 00000111 00000001 mfc42!Ordinal1579+0x39
     
154. 0012fae8 77d18816 73dbe443 0018124c 00000111 user32!GetDC+0x6d
     
155. 0012fb50 77d2927b 00000000 73dbe443 0018124c user32!GetDC+0x14f
     
156. 0012fb8c 77d292e3 006d5120 007101c8 00000001 user32!GetParent+0x16c
     
157. 0012fbac 77d4ff7d 0018124c 00000111 00000001 user32!SendMessageW+0x49
     
158. 0012fbc4 77d465d2 007156c0 00000000 007156c0 user32!CreateMDIWindowA+0x1bd
     
159. 0012fbe0 77d25e94 001530ec 00000001 00000000 user32!DeregisterShellHookWindow+0x6312
     
160. 0012fc64 77d3b082 007156c0 00000202 00000000 user32!IsDlgButtonChecked+0x109a
     
161. 0012fc84 77d18734 0014120e 00000202 00000000 user32!SoftModalMessageBox+0xda3
     
162. 0012fcb0 77d18816 77d3b036 0014120e 00000202 user32!GetDC+0x6d
     
163. 0012fd18 77d189cd 00000000 77d3b036 0014120e user32!GetDC+0x14f
     
164. 0012fd78 77d18a10 00404314 00000000 0012fdac user32!GetWindowLongW+0x127
     
165. 0012fd88 77d274ff 00404314 00404314 0040431c user32!DispatchMessageW+0xf
     
166. 0012fdac 77d3c6d3 0018124c 007156c0 00404314 user32!IsDialogMessageW+0xdb
     
167. 0012fdcc 73d45202 0018124c 00404314 0012fe94 user32!IsDialogMessage+0x4a
     
168. 0012fddc 73d39be0 00404314 73d451ce 00404314 mfc42!Ordinal4047+0x2f
     
169. 0012ff00 73d3c1cf 006f0072 00142373 00000000 mfc42!Ordinal5278+0x29
     
170. 004034c0 00401c20 004019f0 00401a00 00401a10 mfc42!Ordinal1576+0x47
     
171. 004034c4 004019ef 00401a00 00401a10 00402130 Test!CTestDlg::`scalar deleting destructor'
     
172. 004034c8 004019ff 00401a10 00402130 0040212a Test!CTestDlg::~CTestDlg+0xf
     
173. 004034cc 00401a0f 00402130 0040212a 0040203a Test!CObject::Serialize+0xf
     
174. 004034d0 00402130 0040212a 0040203a 00402034 Test!CObject::AssertValid+0xf
     
175. 004034d4 0040212a 0040203a 00402034 0040202e Test!CDialog::OnCmdMsg
     
176. 004034d8 0040203a 00402034 0040202e 00402028 Test!CWnd::OnFinalRelease
     
177. 004034dc 00402034 0040202e 00402028 00402022 Test!CCmdTarget::IsInvokeAllowed
     
178. 004034e0 0040202e 00402028 00402022 00401c70 Test!CCmdTarget::GetDispatchIID
     
179. 004034e4 00402028 00402022 00401c70 0040201c Test!CCmdTarget::GetTypeInfoCount
     
180. 004034e8 00402022 00401c70 0040201c 00402016 Test!CCmdTarget::GetTypeLibCache
     
181. 004034ec 00401c6f 0040201c 00402016 00402010 Test!CCmdTarget::GetTypeLib
     
182. 004034f0 0040201c 00402016 00402010 0040200a Test!CTestDlg::_GetBaseMessageMap+0xf
     
183. 004034f4 00402016 00402010 0040200a 00402004 Test!CCmdTarget::GetCommandMap
     
184. 004034f8 00402010 0040200a 00402004 00401ffe Test!CCmdTarget::GetDispatchMap
     
185. 004034fc 0040200a 00402004 00401ffe 00401ff8 Test!CCmdTarget::GetConnectionMap
     
186. 00403500 00402004 00401ffe 00401ff8 00401ff2 Test!CCmdTarget::GetInterfaceMap
     
187. 00403504 00401ffe 00401ff8 00401ff2 00401fec Test!CCmdTarget::GetEventSinkMap
     
188. 00403508 00401ff8 00401ff2 00401fec 00402124 Test!CCmdTarget::OnCreateAggregates
     
189. 00403608 004022fc 00402310 00000000 19930520 Test!CCmdTarget::GetInterfaceHook
     
190. 0040360c 00402310 00000000 19930520 00000008 Test!WinMainCRTStartup+0x13e
     
191. 00403610 00000000 19930520 00000008 00403638 Test!WinMainCRTStartup+0x152
     
192. 
     
193. 
     
194. STACK_COMMAND:  ~0s; .ecxr ; kb
     
195. 
     
196. FAULTING_SOURCE_CODE: 
     
197.    137: }
     
198.    138:
     
199.    139: void CTestDlg::Fun3(char *pszBuffer)
     
200.    140: {
     
201. >  141:         pszBuffer[1] = 0x00;
     
202.    142: }
     
203.    143:
     
204.    144: BOOL CTestDlg::OnInitDialog()
     
205.    145: {
     
206.    146:         CDialog::OnInitDialog();
     
207. 
     
208. 
     
209. SYMBOL_STACK_INDEX:  0
     
210. 
     
211. SYMBOL_NAME:  Test!CTestDlg::Fun3+6
     
212. 
     
213. FOLLOWUP_NAME:  MachineOwner
     
214. 
     
215. IMAGE_NAME:  Test.exe
     
216. 
     
217. BUCKET_ID:  WRONG_SYMBOLS
     
218. 
     
219. FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_Test.exe!CTestDlg::Fun3
     
220. 
     
221. WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/Test_exe/1_0_0_1/4fc48236/Test_exe/1_0_0_1/4fc48236/c0000005/00001ca6.htm?Retriage=1
     
222. 
     
223. Followup: MachineOwner
     
224. ---------

复制代码

OK ，这样我们就能在发布版本的程序中，准确的定位到哪个函数出了问题，所以发布程序时，一定要记得生成pdb、map文件，不然客户运行出错的话，你不死也残！

测试工程下载地址：

 

DumpTest.rar

原文链接:
http://blog.csdn.net/wangningyu/article/details/6748138