C++ windows windbg 定位程序coredump问题
1、生成coredump文件(PS:core文件(.dmp文件)里面保存了程序coredump时的堆栈信息):
a)代码修改
添加dump.h文件:
下载地址:
链接: https://pan.baidu.com/s/1xGQRFm_zr-5cJTSHECCmvw 密码: we49
在main()函数开始,初始化dump(PS:本文以QT程序为例,C++程序都可以按此方法操作):
main.cpp: int main(int argc, char *argv[]) { QApplication a(argc, argv); DeclareDumpFile(); Automation w; w.show(); return a.exec(); } automation.cpp: Automation::Automation(QWidget *parent) : QMainWindow(parent) { ui.setupUi(this); connect(ui.Test_pushButton, &QPushButton::clicked, this, &Automation::TestFunc); } Automation::~Automation() { } void Automation::TestFunc() { //test int x = 1; int y = x + 1;char* p1 = NULL; char pv = *p1; //coredump位置
int z = 3; return; }
b)VS设置
需要设置Unicode字符集才可编译通过:
设置生成map文件和pdb文件:
编译生成新的exe,执行后可以生成core文件:
2、打开coredump文件
a)下载windbg工具,打开windbg工具,本人用的版本是6.1 x64;
b)“ctrl+S”,设置符号,输入如下内容(PS:D:\\data_store\\symbolslocal目录是本地路径可以修改):
srv*D:\\data_store\\symbolslocal*http://msdl.microsoft.com/download/symbols
c)将.pdb文件放入符号表目录:D:\\data_store\\symbolslocal
d)“ctrl+D” 打开生成的dmp文件;
e)输入命令“!analyze -v”分析dmp文件:
3、分析coredump文件
a) 查看上一步分析结果,找到关键信息:
coredump原因:
该错误码含义:
Exception code c0000005 is the code for an access violation. That means that your program is accessing (either reading or writing) a memory address to which it does not have rights. Most commonly this is caused by:
Accessing a stale pointer. That is accessing memory that has already been deallocated. Note that such stale pointer accesses do not always result in access violations. Only if the memory manager has returned the memory to the system do you get an access violation.
Reading off the end of an array. This is when you have an array of length N and you access elements with index >=N.
To solve the problem you'll need to do some debugging. If you are not in a position to get the fault to occur under your debugger on your development machine you should get a crash dump file and load it into your debugger. This will allow you to see where in the code the problem occurred and hopefully lead you to the solution. You'll need to have the debugging symbols associated with the executable in order to see meaningful stack traces.
错误位置,可以看到Automation::TestFunc()函数抛出了异常:
b)查看map文件:
关键信息:
0001:000019c0 ?TestFunc@Automation@@QEAAXXZ 00000001400029c0 f automation.obj
如果dmp文件中没有显示函数名,也可能显示为000000013f2a29e9,只看最后3字节:9e9,在map文件里面找比该数据稍小的函数地址,也可以找到TestFunc函数 9e9H = 9C0H + 0x29
c)进一步看是哪一行代码:
我们可以看到,错误位置是函数TestFunc,偏移0x29的位置,那么这个位置是代码哪一行呢?
在VS2005之前:(不包括VS2005):
在链接器里面添加属性 "/MAPINFO:LINES" 可以导出行信息到map文件中,就可以直接查看代码行了,不过之后,微软去掉了该命令;
在VS2005之后,怎么查看呢?
设置生成cod文件:
查看生成的cod文件,可以看到执行“char pv = *p1;”时,拷贝出现异常。
?TestFunc@Automation@@QEAAXXZ PROC ; Automation::TestFunc
; 16 : {
$LN3:
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 83 ec 28 sub rsp, 40 ; 00000028H
; 17 : //test
; 18 : int x = 1;
00009 c7 44 24 04 01
00 00 00 mov DWORD PTR x$[rsp], 1
; 19 : int y = x + 1;
00011 8b 44 24 04 mov eax, DWORD PTR x$[rsp]
00015 ff c0 inc eax
00017 89 44 24 08 mov DWORD PTR y$[rsp], eax
; 20 :
; 21 : char* p1 = NULL;
0001b 48 c7 44 24 10
00 00 00 00 mov QWORD PTR p1$[rsp], 0
; 22 : char pv = *p1;
00024 48 8b 44 24 10 mov rax, QWORD PTR p1$[rsp]
00029 0f b6 00 movzx eax, BYTE PTR [rax]
0002c 88 04 24 mov BYTE PTR pv$[rsp], al
; 23 :
; 24 : int z = 3;
0002f c7 44 24 0c 03
00 00 00 mov DWORD PTR z$[rsp], 3
; 25 : return;
; 26 : }
00037 48 83 c4 28 add rsp, 40 ; 00000028H
0003b c3 ret 0
?TestFunc@Automation@@QEAAXXZ ENDP ; Automation::TestFunc
.cod文件比较大,可以根据情况看是否需要生成,一般情况下,定位到函数,就可以找到问题了;