小贝子编程

windbg未知方法名称



我正在尝试弄清楚使用windbg崩溃的代码。

我们在以下文件夹中有.pdb符号:

E:MyApplication

为了加载符号,我们将符号路径设置为:

E:MyApplication;srv*E:Symbols*https://msdl.microsoft.com/download/symbols;

这应该从e驱动器加载我们的本地PDB文件,然后将所有其他符号从符号服务器加载并缓存到E: Symbols文件夹。

但是,如果我设置了!sym noisy,然后运行!analyze -v

SYMSRV:  UNC: 
e:MyApplicationMyApplication.exe5AB2A76A278000MyApplication.exe - path not found
SYMSRV:  UNC: e:MyApplicationMyApplication.exe5AB2A76A278000MyApplication.ex_ - path not found
SYMSRV:  UNC: e:MyApplicationMyApplication.exe5AB2A76A278000file.ptr - path not found
SYMSRV:  RESULT: 0x80070003
SYMSRV:  BYINDEX: 0x1A
         e:symbols*https://msdl.microsoft.com/download/symbols
         MyApplication.exe
         5AB2A76A278000
SYMSRV:  UNC: e:symbolsMyApplication.exe5AB2A76A278000MyApplication.exe - path not found
SYMSRV:  UNC: e:symbolsMyApplication.exe5AB2A76A278000MyApplication.ex_ - path not found
SYMSRV:  UNC: e:symbolsMyApplication.exe5AB2A76A278000file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/MyApplication.exe/5AB2A76A278000/MyApplication.exe
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/MyApplication.exe/5AB2A76A278000/MyApplication.ex_
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/MyApplication.exe/5AB2A76A278000/file.ptr
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  RESULT: 0x80190194
DBGHELP: C:Program Files (x86)Windows Kits10DebuggersMyApplication.exe - file not found
DBGHELP: e:MyApplicationMyApplication.exe - OK
DBGHELP: e:MyApplicationMyApplication.exe found
DBGENG:  Partial symbol load found image e:MyApplicationMyApplication.exe.
SYMSRV:  BYINDEX: 0x1B
         e:MyApplication
         MyApplication.pdb
         AC8AC5D12F6C47259920050B2F46CEF81
SYMSRV:  UNC: e:MyApplicationMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81MyApplication.pdb - path not found
SYMSRV:  UNC: e:MyApplicationMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81MyApplication.pd_ - path not found
SYMSRV:  UNC: e:MyApplicationMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81file.ptr - path not found
SYMSRV:  RESULT: 0x80070003
SYMSRV:  BYINDEX: 0x1C
         e:symbols*https://msdl.microsoft.com/download/symbols
         MyApplication.pdb
         AC8AC5D12F6C47259920050B2F46CEF81
SYMSRV:  UNC: e:symbolsMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81MyApplication.pdb - path not found
SYMSRV:  UNC: e:symbolsMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81MyApplication.pd_ - path not found
SYMSRV:  UNC: e:symbolsMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/MyApplication.pdb/AC8AC5D12F6C47259920050B2F46CEF81/MyApplication.pdb
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/MyApplication.pdb/AC8AC5D12F6C47259920050B2F46CEF81/MyApplication.pd_
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/MyApplication.pdb/AC8AC5D12F6C47259920050B2F46CEF81/file.ptr
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  RESULT: 0x80190194
DBGHELP: MyApplication.pdb - file not found
DBGHELP: D:ServicesTEST_SETBuildAgentwork5862d9870f4438d8sourceMyApplicationobjReleaseMyApplication.pdb - file not found
*** WARNING: Unable to verify checksum for MyApplication.exe
*** ERROR: Module load completed but symbols could not be loaded for MyApplication.exe

e: myApplication目录确实包含myApplication.pdb文件。

然后,由于我们的应用程序的方法名称未知,因此运行分析是没有用的,例如,如果我尝试检查崩溃的异常:

0:000> !PrintException /d 00000223b92c1f28
Exception object: 00000223b92c1f28
Exception type:   System.Runtime.InteropServices.SEHException
Message:          External component has thrown an exception.
InnerException:   <none>
StackTrace (generated):
    SP               IP               Function
    000000BEE7BFD900 0000000000000000 MyApplication.Wpf.UserControls.dll!Unknown+0x1
    000000BEE7BFD9B0 00007FF8AD7EAF10 System_Core_ni!System.Linq.Enumerable+WhereSelectListIterator`2[[System.__Canon, mscorlib],[System.__Canon, mscorlib]].MoveNext()+0x70
    000000BEE7BFDA00 00007FF8549A7CF2 MyApplication.Util.Wpf.dll!Unknown+0x82
    000000BEE7BFDA60 00007FF856EF9B02 MyApplication.Wpf.UserControls.dll!Unknown+0xc2

我缺少正确的符号加载?

您可以从WindBG所在的!sym noisy日志中看到;如果所有其他方法都失败了,则可以将PDB准确地放置在其搜索位置。例如,创建此路径:

e:symbolsMyApplication.pdbAC8AC5D12F6C47259920050B2F46CEF81

然后将myApplication.pdb复制到文件夹中。

但是,一种适当的方法可能是了解Symstore并使用它来建立您的本地符号服务器。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium