Viewing a dmp file with WinDbg; hoping someone can guide me on how to analyze and debug it, thanks

  • Question

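  • Dear programming experts, below is the dmp file from an error that occurred on an XP system. I know this counts as a system-type question, but when viewing a dmp file with the WinDbg program, the content is closely related to programming languages. I don't have a deep understanding of assembly, disassembly, or compiled languages; although I studied them in school… I've forgotten them. But I would very much like to understand the information in the dmp file below, so I ask the experts to guide me in understanding it. This dmp file reflects a system error; roughly which program's conflict did it occur in? For example, below there is a section ERROR_CODE: (NTSTATUS) 0xc0000005… what information does this reflect? Sigh, I want to become a debugging expert, but I get stuck as soon as I run into programming languages and machine language. Please guide me, thank you.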
    FAULTING_IP:
    ntdll+10de3
    7c930de3 663b10          cmp     dx,word ptr [eax]

    EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 7c930de3 (ntdll+0x00010de3)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 02990580
    Attempt to read from address 02990580

    DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

    PROCESS_NAME:  kavsvc.exe

    FAULTING_MODULE: 7c920000 ntdll

    DEBUG_FLR_IMAGE_TIMESTAMP:  446ca255

    ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

    READ_ADDRESS:  02990580

    BUGCHECK_STR:  ACCESS_VIOLATION

    LAST_CONTROL_TRANSFER:  from 5dd09af0 to 7c930de3

    STACK_TEXT: 
    WARNING: Stack unwind information not available. Following frames may be wrong.
    03427a34 5dd09af0 00b60000 00000000 00b9d978 ntdll+0x10de3
    00000000 00000000 00000000 00000000 00000000 prloader+0x9af0


    FOLLOWUP_IP:
    prloader+9af0
    5dd09af0 ??              ???

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  prloader+9af0

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: prloader

    IMAGE_NAME:  prloader.dll

    FAULTING_THREAD:  000004dc

    STACK_COMMAND:  ~43s; .ecxr ; kb

    BUCKET_ID:  WRONG_SYMBOLS

    Followup: MachineOwner
    ---------

    0:043> lmvm ntdll
    start    end        module name
    7c920000 7c9b5000   ntdll    T (no symbols)          
        Loaded symbol image file: ntdll.dll
        Image path: C:\WINDOWS\system32\ntdll.dll
        Image name: ntdll.dll
        Timestamp:        Wed Aug 04 15:47:32 2004 (41109494)
        CheckSum:         00092448
        ImageSize:        00095000
        File version:     5.1.2600.2180
        Product version:  5.1.2600.2180
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
    0:043> lmvm prloader
    start    end        module name
    5dd00000 5dd20000   prloader T (no symbols)          
        Loaded symbol image file: prloader.dll
        Image path: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\prloader.dll
        Image name: prloader.dll
        Timestamp:        Fri May 19 00:35:33 2006 (446CA255)
        CheckSum:         00000000
        ImageSize:        00020000
        File version:     5.0.676.0
        Product version:  5.0.676.0
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0

    July 10, 2007, 08:06 AM