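I have spent a whole day on this and cannot get the symbols to load. The stack trace in windbg still shows hex addresses for my application, and the checksum of my exe cannot be verified.
I have the hex addresses, the windbg log, the exe and the pdb file. Can I not manually find out the last function that was called?
If you are interested, here is the log: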
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vrfcore.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for combase.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for oleaut32.dll -
*** WARNING: Unable to verify checksum for MYapp.exe
*** ERROR: Module load completed but symbols could not be loaded for MYapp.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for user32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for appcore.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for appengine.dll -
***** OS symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!IMAGE_NT_HEADERS32 ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for KERNELBASE.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mswsock.dll -
FAULTING_IP:
ntdll!RtlpNtMakeTemporaryKey+2467
7748a947 eb11 jmp ntdll!RtlpNtMakeTemporaryKey+0x247a (7748a95a)
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7748a947 (ntdll!RtlpNtMakeTemporaryKey+0x00002467)
ExceptionCode: c0000374
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 7749e1e8
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
PROCESS_NAME: MYapp.exe
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
FAULTING_MODULE: 773b0000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP: 50108a69
ERROR_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.
EXCEPTION_CODE: (NTSTATUS) 0xc0000374 - A heap has been corrupted.
EXCEPTION_PARAMETER1: 7749e1e8
APP: myapp.exe
PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 7748bbff to 7748a947
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
0072b7b4 7748bbff c0000374 7749e1e8 0072b7f8 ntdll!RtlpNtMakeTemporaryKey+0x2467
0072b7c4 7748ac55 00000002 97dca43f 03d30000 ntdll!RtlpNtMakeTemporaryKey+0x371f
0072b7f8 77425b89 00000008 03d30000 082a15e8 ntdll!RtlpNtMakeTemporaryKey+0x2775
0072b82c 6ff9a6df 03d30000 00000000 082a15f0 ntdll!RtlCreateUserThread+0x4549
0072b844 771b3da8 03d30000 00000000 082a15f0 vrfcore!VerifierSetAPIClassName+0x116
0072b858 7539d0cc 772bd7c8 082a15f0 082a15f0 combase!CoGetMalloc+0x570
0072b874 753344cc 00000010 75334490 082a15f4 oleaut32!VarFormatFromTokens+0x15a25
0072b888 00ed41ad 082a15f4 e198556c 0072b9b8 oleaut32!SysFreeString+0x3c
0072b988 00edad3f 0072b9b4 0072b9f4 06a97188 MYapp+0x141ad
0072bb1c 00ee00f7 06502f40 0072be08 e19857ac MYapp+0x1ad3f
0072bb48 00ecb4a8 0072bb78 0072be08 e1985740 MYapp+0x200f7
0072bba4 00ee0902 0072be94 0072be08 e198571c MYapp+0xb4a8
0072bbf8 00ec87b8 05c9a530 e19850fc 00000000 MYapp+0x20902
0072bc18 00edccb3 0072be08 e198508c 0000000a MYapp+0x87b8
0072bc68 00edc98f 0072bdec e198509c 05c9964c MYapp+0x1ccb3
0072bf0c 00ec5dc7 0072c044 e1982de4 0072c264 MYapp+0x1c98f
0072c100 757477d8 002a020c 0000c1be 00000000 MYapp+0x5dc7
0072c12c 757478cb 00ec5af0 002a020c 0000c1be user32!gapfnScSendMessage+0x4e0
0072c1a8 7574f139 00ec5af0 00ec5af0 00000000 user32!gapfnScSendMessage+0x5d3
0072c210 7574aaa6 04819c60 00000000 0000c1be user32!PostMessageA+0x15e
0072c23c 6ee5b057 002a020c 0000c1be 00000000 user32!SendMessageW+0x52
....
STACK_COMMAND: ~0s; .ecxr ; kb
FOLLOWUP_IP:
oleaut32!VarFormatFromTokens+15a25
7539d0cc e98573f9ff jmp oleaut32!VariantInit+0xb46 (75334456)
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: oleaut32!VarFormatFromTokens+15a25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: oleaut32
IMAGE_NAME: oleaut32.dll
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000374_oleaut32.dll!VarFormatFromTokens
---------
Reloading with /f after adding the directory containing Myapp.pdb to the symbol path:
0:000> !sym noisy; .reload /f MYApp.exe
noisy mode - symbol prompts on
DBGHELP: none - file not found
*** WARNING: Unable to verify checksum for MYapp.exe
*** ERROR: Module load completed but symbols could not be loaded for MYapp.exe
DBGHELP: MYapp - no symbols loaded
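
An added example, not part of the original post: a Python sketch that reads the STACK_TEXT frames above and recovers, for each bare `MYapp+0x...` frame, the offset from the module base (RVA) and the load base implied by the previous frame's RetAddr. The RVA of the innermost MYapp frame is the value to look up in a linker map or the PDB; the function names and the embedded sample are this example's own.

```python
import re

# Constructed sample: consecutive lines copied from the STACK_TEXT in the post.
STACK_TEXT = """\
WARNING: Stack unwind information not available. Following frames may be wrong.
0072b888 00ed41ad 082a15f4 e198556c 0072b9b8 oleaut32!SysFreeString+0x3c
0072b988 00edad3f 0072b9b4 0072b9f4 06a97188 MYapp+0x141ad
0072bb1c 00ee00f7 06502f40 0072be08 e19857ac MYapp+0x1ad3f
0072bb48 00ecb4a8 0072bb78 0072be08 e1985740 MYapp+0x200f7
0072bba4 00ee0902 0072be94 0072be08 e198571c MYapp+0xb4a8
"""

# kb columns: ChildEBP RetAddr Arg1 Arg2 Arg3 location
FRAME = re.compile(
    r"^[0-9a-f]{8} ([0-9a-f]{8}) (?:[0-9a-f]{8} ){3}"
    r"([^!+\s]+)(?:!([^+\s]+))?(?:\+0x([0-9a-f]+))?$", re.I)

def parse_frames(text):
    """Return (ret_addr, module, symbol_or_None, offset) per frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:  # warnings, "...." and blank lines do not match
            ret, module, symbol, off = m.groups()
            frames.append((int(ret, 16), module, symbol, int(off or "0", 16)))
    return frames

def module_rvas(frames, module):
    """(rva, load_base) for each frame shown as bare module+offset.

    A frame's location is the address the previous frame returns to, so
    load_base = previous RetAddr - offset. Frames are innermost first.
    """
    out = []
    for prev, cur in zip(frames, frames[1:]):
        _, mod, symbol, off = cur
        if mod.lower() == module.lower() and symbol is None:
            out.append((off, prev[0] - off))
    return out

if __name__ == "__main__":
    hits = module_rvas(parse_frames(STACK_TEXT), "MYapp")
    bases = {base for _, base in hits}
    print("innermost MYapp RVA: 0x%x" % hits[0][0])
    print("derived load base(s):", [hex(b) for b in sorted(bases)])
```

When every MYapp frame yields the same load base, the RetAddr and location columns agree for those frames even though the debugger warned that unwind information was unavailable.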