Locating Release-Build Crashes on Windows

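1. MAP files

What is a MAP file? Simply put, a MAP file is the only plain-text representation of a program's global symbols, source files, and source line-number information. It can be used anywhere, at any time, without any additional program to support it. It is also the only lifesaver that can find where the program crashed.

2. How to generate a MAP file

(1) VC6.0: press Alt+F7 to open the "Project Settings" dialog, select the C/C++ tab, and enter /Zd in the Project Options box at the bottom. Then select the Link tab and enter /mapinfo:lines and /map:PROJECT_NAME.map in the Project Options box at the bottom. Finally, press F7 to build the EXE and the MAP file.

Whether or not Line Numbers Only is selected makes little difference; what matters is entering /mapinfo:lines in Project Options.

/Zi: generate PDB debug information;
/MAP[:filename]: generate a map file with the given name;
/MAPINFO:EXPORTS: include exported functions in the map file (when building a DLL);
/MAPINFO:LINES: include source line information in the map file.

(2) VS2010: first configure VC2010 to generate the map file and the cod file:

1) **.map file:** Property -> Configuration Properties -> Linker -> Debugging, set Generate Map File to Yes (/MAP);

3. Code example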

```cpp
#include <stdio.h>
#include "kdvtype.h"  // project header that defines s8

void Crash(void)
{
  s8 i = 1;

  s8 j = 1;
  i /= (j-1);  // deliberate divide by zero: j-1 == 0
}

int main(void)
{
   Crash();
   return 0;
}
```

Crash address: 0x0040101a

4. The MAP file

 crash       // module name

 Timestamp is 57342463 (Thu May 12 14:36:19 2016)        // timestamp

 Preferred load address is 00400000    // preferred (default) load base address

// Start address, length, name and class of each section
 Start         Length     Name                   Class
 0001:00000000 00004152H .text                   CODE
 0002:00000000 000000a0H .idata$5                DATA
 0002:000000a0 000003b4H .rdata                  DATA
 0002:00000454 00000014H .idata$2                DATA
 0002:00000468 00000014H .idata$3                DATA
 0002:0000047c 000000a0H .idata$4                DATA
 0002:0000051c 000002b8H .idata$6                DATA
 0002:000007d4 00000000H .edata                  DATA
 0003:00000000 00000004H .CRT$XCA                DATA
 0003:00000004 00000004H .CRT$XCZ                DATA
 0003:00000008 00000004H .CRT$XIA                DATA
 0003:0000000c 00000004H .CRT$XIC                DATA
 0003:00000010 00000004H .CRT$XIZ                DATA
 0003:00000014 00000004H .CRT$XPA                DATA
 0003:00000018 00000004H .CRT$XPZ                DATA
 0003:0000001c 00000004H .CRT$XTA                DATA
 0003:00000020 00000004H .CRT$XTZ                DATA
 0003:00000030 00002490H .data                   DATA
 0003:000024c0 0000051cH .bss                    DATA

// Each symbol's offset within its section, its load address, and the object it comes from
  Address         Publics by Value              Rva+Base     Lib:Object

 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000023       _main                      00401023 f   crash.obj
 0001:0000002f       _mainCRTStartup            0040102f f   LIBC:crt0.obj
 0001:0000010e       __amsg_exit                0040110e f   LIBC:crt0.obj
 0001:00000157       __cinit                    00401157 f   LIBC:crt0dat.obj
 0001:00000184       _exit                      00401184 f   LIBC:crt0dat.obj
 0001:00000195       __exit                     00401195 f   LIBC:crt0dat.obj
 0001:000001a6       __cexit                    004011a6 f   LIBC:crt0dat.obj
 0001:000001b5       __c_exit                   004011b5 f   LIBC:crt0dat.obj
 0001:00000277       __XcptFilter               00401277 f   LIBC:winxfltr.obj
 0001:000003fb       __setenvp                  004013fb f   LIBC:stdenvp.obj
 0001:000004b4       __setargv                  004014b4 f   LIBC:stdargv.obj
 0001:00000701       ___crtGetEnvironmentStringsA 00401701 f   LIBC:a_env.obj
 0001:00000833       __ioinit                   00401833 f   LIBC:ioinit.obj
 0001:000009de       __ioterm                   004019de f   LIBC:ioinit.obj
 0001:00000a01       __GetLinkerVersion         00401a01 f   LIBC:heapinit.obj
 0001:00000a2e       ___heap_select             00401a2e f   LIBC:heapinit.obj
 0001:00000b76       __heap_init                00401b76 f   LIBC:heapinit.obj
 0001:00000bd3       __heap_term                00401bd3 f   LIBC:heapinit.obj
 0001:00000c7c       __global_unwind2           00401c7c f   LIBC:exsup.obj
 0001:00000cbe       __local_unwind2            00401cbe f   LIBC:exsup.obj
 0001:00000d16       __NLG_Return2              00401d16 f   LIBC:exsup.obj
 0001:00000d26       __abnormal_termination     00401d26 f   LIBC:exsup.obj
 0001:00000d49       __NLG_Notify1              00401d49 f   LIBC:exsup.obj
 0001:00000d52       __NLG_Notify               00401d52 f   LIBC:exsup.obj
 0001:00000d65       __NLG_Dispatch             00401d65 f   LIBC:exsup.obj
 0001:00000d74       __except_handler3          00401d74 f   LIBC:exsup3.obj
 0001:00000e31       __seh_longjmp_unwind@4     00401e31 f   LIBC:exsup3.obj
 0001:00000e4c       __FF_MSGBANNER             00401e4c f   LIBC:crt0msg.obj
 0001:00000e85       __NMSG_WRITE               00401e85 f   LIBC:crt0msg.obj
 0001:00000fd8       __GET_RTERRMSG             00401fd8 f   LIBC:crt0msg.obj
 0001:00001009       _free                      00402009 f   LIBC:free.obj
 0001:00001080       _strcpy                    00402080 f   LIBC:strcat.obj
 0001:00001090       _strcat                    00402090 f   LIBC:strcat.obj
 0001:00001170       _malloc                    00402170 f   LIBC:malloc.obj
 0001:00001182       __nh_malloc                00402182 f   LIBC:malloc.obj
 0001:000011ae       __heap_alloc               004021ae f   LIBC:malloc.obj
 0001:00001230       _strlen                    00402230 f   LIBC:strlen.obj
 0001:000012ab       __setmbcp                  004022ab f   LIBC:mbctype.obj
 0001:0000166f       __getmbcp                  0040266f f   LIBC:mbctype.obj
 0001:0000167f       ___initmbctable            0040267f f   LIBC:mbctype.obj
 0001:000016a0       _memcpy                    004026a0 f   LIBC:memcpy.obj
 0001:000019d5       _strtol                    004029d5 f   LIBC:strtol.obj
 0001:00001bf4       _strtoul                   00402bf4 f   LIBC:strtol.obj
 0001:00001c20       _strchr                    00402c20 f   LIBC:strchr.obj
 0001:00001c26       ___from_strstr_to_strchr   00402c26 f   LIBC:strchr.obj
 0001:00001ce0       _strstr                    00402ce0 f   LIBC:strstr.obj
 0001:00001d60       _strncmp                   00402d60 f   LIBC:strncmp.obj
 0001:00001da0       __alloca_probe             00402da0 f   LIBC:chkstk.obj
 0001:00001da0       __chkstk                   00402da0 f   LIBC:chkstk.obj
 0001:00001dcf       __get_sbh_threshold        00402dcf f   LIBC:sbheap.obj
 0001:00001dee       __set_sbh_threshold        00402dee f   LIBC:sbheap.obj
 0001:00001ea1       ___sbh_heap_init           00402ea1 f   LIBC:sbheap.obj
 0001:00001ee9       ___sbh_find_block          00402ee9 f   LIBC:sbheap.obj
 0001:00001f14       ___sbh_free_block          00402f14 f   LIBC:sbheap.obj
 0001:0000223d       ___sbh_alloc_block         0040323d f   LIBC:sbheap.obj
 0001:00002546       ___sbh_alloc_new_region    00403546 f   LIBC:sbheap.obj
 0001:000025f7       ___sbh_alloc_new_group     004035f7 f   LIBC:sbheap.obj
 0001:000026f2       ___sbh_resize_block        004036f2 f   LIBC:sbheap.obj
 0001:000029e8       ___sbh_heapmin             004039e8 f   LIBC:sbheap.obj
 0001:00002ab9       ___sbh_heap_check          00403ab9 f   LIBC:sbheap.obj
 0001:00002de8       __get_old_sbh_threshold    00403de8 f   LIBC:sbheap.obj
 0001:00002dee       __set_old_sbh_threshold    00403dee f   LIBC:sbheap.obj
 0001:00002e0a       ___old_sbh_new_region      00403e0a f   LIBC:sbheap.obj
 0001:00002f4e       ___old_sbh_release_region  00403f4e f   LIBC:sbheap.obj
 0001:00002fa4       ___old_sbh_decommit_pages  00403fa4 f   LIBC:sbheap.obj
 0001:00003066       ___old_sbh_find_block      00404066 f   LIBC:sbheap.obj
 0001:000030bd       ___old_sbh_free_block      004040bd f   LIBC:sbheap.obj
 0001:00003102       ___old_sbh_alloc_block     00404102 f   LIBC:sbheap.obj
 0001:0000330a       ___old_sbh_alloc_block_from_page 0040430a f   LIBC:sbheap.obj
 0001:0000342e       ___old_sbh_resize_block    0040442e f   LIBC:sbheap.obj
 0001:000034d7       ___old_sbh_heap_check      004044d7 f   LIBC:sbheap.obj
 0001:00003635       ___crtMessageBoxA          00404635 f   LIBC:crtmbox.obj
 0001:000036c0       _strncpy                   004046c0 f   LIBC:strncpy.obj
 0001:000037be       [email protected]@[email protected]@Z@Z 004047be f   LIBC:handler.obj
 0001:000037ce       [email protected]@[email protected] 004047ce f   LIBC:handler.obj
 0001:000037d4       __callnewh                 004047d4 f   LIBC:handler.obj
 0001:000037ef       ___crtLCMapStringA         004047ef f   LIBC:a_map.obj
 0001:00003a3e       ___crtGetStringTypeA       00404a3e f   LIBC:a_str.obj
 0001:00003b87       __toupper                  00404b87 f   LIBC:toupper.obj
 0001:00003b8f       _toupper                   00404b8f f   LIBC:toupper.obj
 0001:00003c5b       __isctype                  00404c5b f   LIBC:isctype.obj
 0001:00003cd0       _memmove                   00404cd0 f   LIBC:memmove.obj
 0001:00004010       _memset                    00405010 f   LIBC:memset.obj
 0001:00004068       _GetCommandLineA@0         00405068 f   kernel32:KERNEL32.dll
 0001:0000406e       _GetVersion@0              0040506e f   kernel32:KERNEL32.dll
 0001:00004074       _ExitProcess@4             00405074 f   kernel32:KERNEL32.dll
 0001:0000407a       _TerminateProcess@8        0040507a f   kernel32:KERNEL32.dll
 0001:00004080       _GetCurrentProcess@0       00405080 f   kernel32:KERNEL32.dll
 0001:00004086       _UnhandledExceptionFilter@4 00405086 f   kernel32:KERNEL32.dll
 0001:0000408c       _GetModuleFileNameA@12     0040508c f   kernel32:KERNEL32.dll
 0001:00004092       _FreeEnvironmentStringsA@4 00405092 f   kernel32:KERNEL32.dll
 0001:00004098       _FreeEnvironmentStringsW@4 00405098 f   kernel32:KERNEL32.dll
 0001:0000409e       _WideCharToMultiByte@32    0040509e f   kernel32:KERNEL32.dll
 0001:000040a4       _GetEnvironmentStrings@0   004050a4 f   kernel32:KERNEL32.dll
 0001:000040aa       _GetEnvironmentStringsW@0  004050aa f   kernel32:KERNEL32.dll
 0001:000040b0       _SetHandleCount@4          004050b0 f   kernel32:KERNEL32.dll
 0001:000040b6       _GetStdHandle@4            004050b6 f   kernel32:KERNEL32.dll
 0001:000040bc       _GetFileType@4             004050bc f   kernel32:KERNEL32.dll
 0001:000040c2       _GetStartupInfoA@4         004050c2 f   kernel32:KERNEL32.dll
 0001:000040c8       _GetModuleHandleA@4        004050c8 f   kernel32:KERNEL32.dll
 0001:000040ce       _GetEnvironmentVariableA@12 004050ce f   kernel32:KERNEL32.dll
 0001:000040d4       _GetVersionExA@4           004050d4 f   kernel32:KERNEL32.dll
 0001:000040da       _HeapDestroy@4             004050da f   kernel32:KERNEL32.dll
 0001:000040e0       _HeapCreate@12             004050e0 f   kernel32:KERNEL32.dll
 0001:000040e6       _VirtualFree@12            004050e6 f   kernel32:KERNEL32.dll
 0001:000040ec       _HeapFree@12               004050ec f   kernel32:KERNEL32.dll
 0001:000040f2       _RtlUnwind@16              004050f2 f   kernel32:KERNEL32.dll
 0001:000040f8       _WriteFile@20              004050f8 f   kernel32:KERNEL32.dll
 0001:000040fe       _HeapAlloc@12              004050fe f   kernel32:KERNEL32.dll
 0001:00004104       _GetCPInfo@8               00405104 f   kernel32:KERNEL32.dll
 0001:0000410a       _GetACP@0                  0040510a f   kernel32:KERNEL32.dll
 0001:00004110       _GetOEMCP@0                00405110 f   kernel32:KERNEL32.dll
 0001:00004116       _VirtualAlloc@16           00405116 f   kernel32:KERNEL32.dll
 0001:0000411c       _HeapReAlloc@16            0040511c f   kernel32:KERNEL32.dll
 0001:00004122       _IsBadWritePtr@8           00405122 f   kernel32:KERNEL32.dll
 0001:00004128       _GetProcAddress@8          00405128 f   kernel32:KERNEL32.dll
 0001:0000412e       _LoadLibraryA@4            0040512e f   kernel32:KERNEL32.dll
 0001:00004134       _MultiByteToWideChar@24    00405134 f   kernel32:KERNEL32.dll
 0001:0000413a       _LCMapStringA@24           0040513a f   kernel32:KERNEL32.dll
 0001:00004140       _LCMapStringW@24           00405140 f   kernel32:KERNEL32.dll
 0001:00004146       _GetStringTypeA@20         00405146 f   kernel32:KERNEL32.dll
 0001:0000414c       _GetStringTypeW@16         0040514c f   kernel32:KERNEL32.dll
 0002:00000000       __imp__GetCommandLineA@0   00406000     kernel32:KERNEL32.dll
 0002:00000004       __imp__GetVersion@0        00406004     kernel32:KERNEL32.dll
 0002:00000008       __imp__ExitProcess@4       00406008     kernel32:KERNEL32.dll
 0002:0000000c       __imp__TerminateProcess@8  0040600c     kernel32:KERNEL32.dll
 0002:00000010       __imp__GetCurrentProcess@0 00406010     kernel32:KERNEL32.dll
 0002:00000014       __imp__UnhandledExceptionFilter@4 00406014     kernel32:KERNEL32.dll
 0002:00000018       __imp__GetModuleFileNameA@12 00406018     kernel32:KERNEL32.dll
 0002:0000001c       __imp__FreeEnvironmentStringsA@4 0040601c     kernel32:KERNEL32.dll
 0002:00000020       __imp__FreeEnvironmentStringsW@4 00406020     kernel32:KERNEL32.dll
 0002:00000024       __imp__WideCharToMultiByte@32 00406024     kernel32:KERNEL32.dll
 0002:00000028       __imp__GetEnvironmentStrings@0 00406028     kernel32:KERNEL32.dll
 0002:0000002c       __imp__GetEnvironmentStringsW@0 0040602c     kernel32:KERNEL32.dll
 0002:00000030       __imp__SetHandleCount@4    00406030     kernel32:KERNEL32.dll
 0002:00000034       __imp__GetStdHandle@4      00406034     kernel32:KERNEL32.dll
 0002:00000038       __imp__GetFileType@4       00406038     kernel32:KERNEL32.dll
 0002:0000003c       __imp__GetStartupInfoA@4   0040603c     kernel32:KERNEL32.dll
 0002:00000040       __imp__GetModuleHandleA@4  00406040     kernel32:KERNEL32.dll
 0002:00000044       __imp__GetEnvironmentVariableA@12 00406044     kernel32:KERNEL32.dll
 0002:00000048       __imp__GetVersionExA@4     00406048     kernel32:KERNEL32.dll
 0002:0000004c       __imp__HeapDestroy@4       0040604c     kernel32:KERNEL32.dll
 0002:00000050       __imp__HeapCreate@12       00406050     kernel32:KERNEL32.dll
 0002:00000054       __imp__VirtualFree@12      00406054     kernel32:KERNEL32.dll
 0002:00000058       __imp__HeapFree@12         00406058     kernel32:KERNEL32.dll
 0002:0000005c       __imp__RtlUnwind@16        0040605c     kernel32:KERNEL32.dll
 0002:00000060       __imp__WriteFile@20        00406060     kernel32:KERNEL32.dll
 0002:00000064       __imp__HeapAlloc@12        00406064     kernel32:KERNEL32.dll
 0002:00000068       __imp__GetCPInfo@8         00406068     kernel32:KERNEL32.dll
 0002:0000006c       __imp__GetACP@0            0040606c     kernel32:KERNEL32.dll
 0002:00000070       __imp__GetOEMCP@0          00406070     kernel32:KERNEL32.dll
 0002:00000074       __imp__VirtualAlloc@16     00406074     kernel32:KERNEL32.dll
 0002:00000078       __imp__HeapReAlloc@16      00406078     kernel32:KERNEL32.dll
 0002:0000007c       __imp__IsBadWritePtr@8     0040607c     kernel32:KERNEL32.dll
 0002:00000080       __imp__GetProcAddress@8    00406080     kernel32:KERNEL32.dll
 0002:00000084       __imp__LoadLibraryA@4      00406084     kernel32:KERNEL32.dll
 0002:00000088       __imp__MultiByteToWideChar@24 00406088     kernel32:KERNEL32.dll
 0002:0000008c       __imp__LCMapStringA@24     0040608c     kernel32:KERNEL32.dll
 0002:00000090       __imp__LCMapStringW@24     00406090     kernel32:KERNEL32.dll
 0002:00000094       __imp__GetStringTypeA@20   00406094     kernel32:KERNEL32.dll
 0002:00000098       __imp__GetStringTypeW@16   00406098     kernel32:KERNEL32.dll
 0002:0000009c       \177KERNEL32_NULL_THUNK_DATA 0040609c     kernel32:KERNEL32.dll
 0002:000000cc       [email protected][email protected]@__GLOBAL_HEAP[email protected] 004060cc     LIBC:heapinit.obj
 0002:000000e4       [email protected][email protected]@[email protected] 004060e4     LIBC:heapinit.obj
 0002:000000fc       [email protected][email protected]@runtime?5error?5[email protected] 004060fc     LIBC:crt0msg.obj
 0002:0000010c       [email protected][email protected]?$AN?6[email protected]   0040610c     LIBC:crt0msg.obj
 0002:00000110       [email protected][email protected]@TLOSS?5error?$AN?6[email protected] 00406110     LIBC:crt0msg.obj
 0002:00000120       [email protected][email protected]@SING?5error?$AN?6[email protected] 00406120     LIBC:crt0msg.obj
 0002:00000130       [email protected][email protected]@DOMAIN?5error?$AN?6[email protected] 00406130     LIBC:crt0msg.obj
 0002:00000140       [email protected][email protected]@R6028?$AN?6?9?5unable?5to?5initialize?5[email protected] 00406140     LIBC:crt0msg.obj
 0002:00000168       [email protected][email protected]@R6027?$AN?6?9?5not?5enough?5space?5for?5[email protected] 00406168     LIBC:crt0msg.obj
 0002:000001a0       [email protected][email protected]@R6026?$AN?6?9?5not?5enough?5space?5for?5st@ 004061a0     LIBC:crt0msg.obj
 0002:000001d8       [email protected][email protected]@R6025?$AN?6?9?5pure?5virtual?5function?5[email protected] 004061d8     LIBC:crt0msg.obj
 0002:00000200       [email protected][email protected]@R6024?$AN?6?9?5not?5enough?5space?5for?5[email protected] 00406200     LIBC:crt0msg.obj
 0002:00000238       [email protected][email protected]@R6019?$AN?6?9?5unable?5to?5open?5console?5@ 00406238     LIBC:crt0msg.obj
 0002:00000264       [email protected][email protected]@R6018?$AN?6?9?5unexpected?5heap?5error?$AN?6@ 00406264     LIBC:crt0msg.obj
 0002:00000288       [email protected][email protected]@R6017?$AN?6?9?5unexpected?5multithread?5@ 00406288     LIBC:crt0msg.obj
 0002:000002b8       [email protected][email protected]@R6016?$AN?6?9?5not?5enough?5space?5for?5[email protected] 004062b8     LIBC:crt0msg.obj
 0002:000002e4       [email protected][email protected]@?$AN?6abnormal?5program?5termination?$AN?6@ 004062e4     LIBC:crt0msg.obj
 0002:00000308       [email protected][email protected]@R6009?$AN?6?9?5not?5enough?5space?5for?5[email protected] 00406308     LIBC:crt0msg.obj
 0002:00000334       [email protected][email protected]@R6008?$AN?6?9?5not?5enough?5space?5for?5[email protected] 00406334     LIBC:crt0msg.obj
 0002:00000360       [email protected][email protected]@R6002?$AN?6?9?5floating?5point?5not?5[email protected] 00406360     LIBC:crt0msg.obj
 0002:00000388       [email protected][email protected]@Microsoft?5Visual?5C?$CL?$CL?5Runtime?5[email protected] 00406388     LIBC:crt0msg.obj
 0002:000003b0       [email protected][email protected]?6?6[email protected]     004063b0     LIBC:crt0msg.obj
 0002:000003b4       [email protected][email protected]@Runtime?5Error?$CB?6?6Program?3?5[email protected] 004063b4     LIBC:crt0msg.obj
 0002:000003d0       [email protected][email protected]?4?4?4[email protected]   004063d0     LIBC:crt0msg.obj
 0002:000003d4       [email protected][email protected]@?$DMprogram?5name?5[email protected] 004063d4     LIBC:crt0msg.obj
 0002:000003ec       [email protected][email protected]@[email protected] 004063ec     LIBC:crtmbox.obj
 0002:00000400       [email protected][email protected]@[email protected] 00406400     LIBC:crtmbox.obj
 0002:00000410       [email protected][email protected]@[email protected] 00406410     LIBC:crtmbox.obj
 0002:0000041c       [email protected][email protected]@user32?4[email protected] 0040641c     LIBC:crtmbox.obj
 0002:00000428       [email protected][email protected][email protected]        00406428     LIBC:a_map.obj
 0002:0000042c       [email protected][email protected][email protected] 0040642c     LIBC:a_map.obj
 0002:00000454       __IMPORT_DESCRIPTOR_KERNEL32 00406454     kernel32:KERNEL32.dll
 0002:00000468       __NULL_IMPORT_DESCRIPTOR   00406468     kernel32:KERNEL32.dll
 0003:00000000       ___xc_a                    00407000     LIBC:crt0init.obj
 0003:00000004       ___xc_z                    00407004     LIBC:crt0init.obj
 0003:00000008       ___xi_a                    00407008     LIBC:crt0init.obj
 0003:00000010       ___xi_z                    00407010     LIBC:crt0init.obj
 0003:00000014       ___xp_a                    00407014     LIBC:crt0init.obj
 0003:00000018       ___xp_z                    00407018     LIBC:crt0init.obj
 0003:0000001c       ___xt_a                    0040701c     LIBC:crt0init.obj
 0003:00000020       ___xt_z                    00407020     LIBC:crt0init.obj
 0003:00000030       __aexit_rtn                00407030     LIBC:crt0.obj
 0003:00000034       ___app_type                00407034     LIBC:crt0.obj
 0003:00000038       __XcptActTab               00407038     LIBC:winxfltr.obj
 0003:000000b0       __First_FPE_Indx           004070b0     LIBC:winxfltr.obj
 0003:000000b4       __Num_FPE                  004070b4     LIBC:winxfltr.obj
 0003:000000b8       __XcptActTabCount          004070b8     LIBC:winxfltr.obj
 0003:000000bc       __fpecode                  004070bc     LIBC:winxfltr.obj
 0003:000000c0       ___badioinfo               004070c0     LIBC:ioinit.obj
 0003:000000c8       __amblksiz                 004070c8     LIBC:heapinit.obj
 0003:000000cc       __NLG_Destination          004070cc     LIBC:exsup.obj
 0003:00000270       ___old_small_block_heap    00407270     LIBC:sbheap.obj
 0003:00002294       ___old_sbh_threshold       00409294     LIBC:sbheap.obj
 0003:000022a0       __pctype                   004092a0     LIBC:ctype.obj
 0003:000022a4       __pwctype                  004092a4     LIBC:ctype.obj
 0003:000022a8       __ctype                    004092a8     LIBC:ctype.obj
 0003:000024ac       ___mb_cur_max              004094ac     LIBC:nlsdata1.obj
 0003:000024b0       ___decimal_point           004094b0     LIBC:nlsdata1.obj
 0003:000024b4       ___decimal_point_length    004094b4     LIBC:nlsdata1.obj
 0003:000024c0       __aenvptr                  004094c0     LIBC:crt0.obj
 0003:000024c4       __wenvptr                  004094c4     LIBC:crt0.obj
 0003:000024c8       ___error_mode              004094c8     LIBC:crt0.obj
 0003:000024cc       _errno                     004094cc     LIBC:crt0dat.obj
 0003:000024d0       __doserrno                 004094d0     LIBC:crt0dat.obj
 0003:000024d4       __umaskval                 004094d4     LIBC:crt0dat.obj
 0003:000024d8       __osver                    004094d8     LIBC:crt0dat.obj
 0003:000024dc       __winver                   004094dc     LIBC:crt0dat.obj
 0003:000024e0       __winmajor                 004094e0     LIBC:crt0dat.obj
 0003:000024e4       __winminor                 004094e4     LIBC:crt0dat.obj
 0003:000024e8       ___argc                    004094e8     LIBC:crt0dat.obj
 0003:000024ec       ___argv                    004094ec     LIBC:crt0dat.obj
 0003:000024f0       ___wargv                   004094f0     LIBC:crt0dat.obj
 0003:000024f4       __environ                  004094f4     LIBC:crt0dat.obj
 0003:000024f8       ___initenv                 004094f8     LIBC:crt0dat.obj
 0003:000024fc       __wenviron                 004094fc     LIBC:crt0dat.obj
 0003:00002500       ___winitenv                00409500     LIBC:crt0dat.obj
 0003:00002504       __pgmptr                   00409504     LIBC:crt0dat.obj
 0003:00002508       __wpgmptr                  00409508     LIBC:crt0dat.obj
 0003:0000250c       __exitflag                 0040950c     LIBC:crt0dat.obj
 0003:00002510       __C_Termination_Done       00409510     LIBC:crt0dat.obj
 0003:00002514       __C_Exit_Done              00409514     LIBC:crt0dat.obj
 0003:00002518       __pxcptinfoptrs            00409518     LIBC:winxfltr.obj
 0003:00002624       __adbgmsg                  00409624     LIBC:crt0msg.obj
 0003:0000263c       __newmode                  0040963c     LIBC:_newmode.obj
 0003:00002640       [email protected]@3[email protected]       00409640     LIBC:handler.obj
 0003:00002644       ___lc_handle               00409644     LIBC:nlsdata2.obj
 0003:0000265c       ___lc_codepage             0040965c     LIBC:nlsdata2.obj
 0003:00002660       ___lc_collate_cp           00409660     LIBC:nlsdata2.obj
 0003:0000266c       ___sbh_sizeHeaderList      0040966c     <common>
 0003:00002670       ___sbh_indGroupDefer       00409670     <common>
 0003:00002674       ___sbh_pHeaderScan         00409674     <common>
 0003:00002678       ___sbh_initialized         00409678     <common>
 0003:0000267c       ___sbh_pHeaderDefer        0040967c     <common>
 0003:00002680       ___sbh_cntHeaderList       00409680     <common>
 0003:00002684       ___sbh_pHeaderList         00409684     <common>
 0003:00002688       ___sbh_threshold           00409688     <common>
 0003:0000268c       ___mbcodepage              0040968c     <common>
 0003:00002690       ___mbulinfo                00409690     <common>
 0003:0000269c       ___ismbcodepage            0040969c     <common>
 0003:000026a0       __mbcasemap                004096a0     <common>
 0003:000027a0       __mbctype                  004097a0     <common>
 0003:000028a4       ___mblcid                  004098a4     <common>
 0003:000028a8       __crtheap                  004098a8     <common>
 0003:000028ac       ___active_heap             004098ac     <common>
 0003:000028c0       ___pioinfo                 004098c0     <common>
 0003:000029c0       __nhandle                  004099c0     <common>
 0003:000029c4       ___env_initialized         004099c4     <common>
 0003:000029c8       ___mbctype_initialized     004099c8     <common>
 0003:000029cc       ___onexitend               004099cc     <common>
 0003:000029d0       ___onexitbegin             004099d0     <common>
 0003:000029d4       __FPinit                   004099d4     <common>
 0003:000029d8       __acmdln                   004099d8     <common>

 entry point at        0001:0000002f      // module entry point

 Static symbols          // static symbols

 0001:00003d40       LeadUp1                    00404d40 f   LIBC:memmove.obj
 0001:00003d6c       LeadUp2                    00404d6c f   LIBC:memmove.obj
 0001:00003d90       LeadUp3                    00404d90 f   LIBC:memmove.obj
 0001:00003e0f       UnwindUp0                  00404e0f f   LIBC:memmove.obj
 0001:00003dfc       UnwindUp1                  00404dfc f   LIBC:memmove.obj
 0001:00003df4       UnwindUp2                  00404df4 f   LIBC:memmove.obj
 0001:00003dec       UnwindUp3                  00404dec f   LIBC:memmove.obj
 0001:00003de4       UnwindUp4                  00404de4 f   LIBC:memmove.obj
 0001:00003ddc       UnwindUp5                  00404ddc f   LIBC:memmove.obj
 0001:00003dd4       UnwindUp6                  00404dd4 f   LIBC:memmove.obj
 0001:00003dcc       UnwindUp7                  00404dcc f   LIBC:memmove.obj
 0001:00003e28       TrailUp0                   00404e28 f   LIBC:memmove.obj
 0001:00003e30       TrailUp1                   00404e30 f   LIBC:memmove.obj
 0001:00003e3c       TrailUp2                   00404e3c f   LIBC:memmove.obj
 0001:00003e50       TrailUp3                   00404e50 f   LIBC:memmove.obj
 0001:00003ec8       LeadDown1                  00404ec8 f   LIBC:memmove.obj
 0001:00003ee8       LeadDown2                  00404ee8 f   LIBC:memmove.obj
 0001:00003f10       LeadDown3                  00404f10 f   LIBC:memmove.obj
 0001:00003f64       UnwindDown7                00404f64 f   LIBC:memmove.obj
 0001:00003f6c       UnwindDown6                00404f6c f   LIBC:memmove.obj
 0001:00003f74       UnwindDown5                00404f74 f   LIBC:memmove.obj
 0001:00003f7c       UnwindDown4                00404f7c f   LIBC:memmove.obj
 0001:00003f84       UnwindDown3                00404f84 f   LIBC:memmove.obj
 0001:00003f8c       UnwindDown2                00404f8c f   LIBC:memmove.obj
 0001:00003f94       UnwindDown1                00404f94 f   LIBC:memmove.obj
 0001:00003fa7       UnwindDown0                00404fa7 f   LIBC:memmove.obj
 0001:00003fc0       TrailDown0                 00404fc0 f   LIBC:memmove.obj
 0001:00003fc8       TrailDown1                 00404fc8 f   LIBC:memmove.obj
 0001:00003fd8       TrailDown2                 00404fd8 f   LIBC:memmove.obj
 0001:00003fec       TrailDown3                 00404fec f   LIBC:memmove.obj
 0001:00003a13       _strncnt                   00404a13 f   LIBC:a_map.obj
 0001:000019ec       _strtoxl                   004029ec f   LIBC:strtol.obj
 0001:00001710       LeadUp1                    00402710 f   LIBC:memcpy.obj
 0001:0000173c       LeadUp2                    0040273c f   LIBC:memcpy.obj
 0001:00001760       LeadUp3                    00402760 f   LIBC:memcpy.obj
 0001:000017df       UnwindUp0                  004027df f   LIBC:memcpy.obj
 0001:000017cc       UnwindUp1                  004027cc f   LIBC:memcpy.obj
 0001:000017c4       UnwindUp2                  004027c4 f   LIBC:memcpy.obj
 0001:000017bc       UnwindUp3                  004027bc f   LIBC:memcpy.obj
 0001:000017b4       UnwindUp4                  004027b4 f   LIBC:memcpy.obj
 0001:000017ac       UnwindUp5                  004027ac f   LIBC:memcpy.obj
 0001:000017a4       UnwindUp6                  004027a4 f   LIBC:memcpy.obj
 0001:0000179c       UnwindUp7                  0040279c f   LIBC:memcpy.obj
 0001:000017f8       TrailUp0                   004027f8 f   LIBC:memcpy.obj
 0001:00001800       TrailUp1                   00402800 f   LIBC:memcpy.obj
 0001:0000180c       TrailUp2                   0040280c f   LIBC:memcpy.obj
 0001:00001820       TrailUp3                   00402820 f   LIBC:memcpy.obj
 0001:00001898       LeadDown1                  00402898 f   LIBC:memcpy.obj
 0001:000018b8       LeadDown2                  004028b8 f   LIBC:memcpy.obj
 0001:000018e0       LeadDown3                  004028e0 f   LIBC:memcpy.obj
 0001:00001934       UnwindDown7                00402934 f   LIBC:memcpy.obj
 0001:0000193c       UnwindDown6                0040293c f   LIBC:memcpy.obj
 0001:00001944       UnwindDown5                00402944 f   LIBC:memcpy.obj
 0001:0000194c       UnwindDown4                0040294c f   LIBC:memcpy.obj
 0001:00001954       UnwindDown3                00402954 f   LIBC:memcpy.obj
 0001:0000195c       UnwindDown2                0040295c f   LIBC:memcpy.obj
 0001:00001964       UnwindDown1                00402964 f   LIBC:memcpy.obj
 0001:00001977       UnwindDown0                00402977 f   LIBC:memcpy.obj
 0001:00001990       TrailDown0                 00402990 f   LIBC:memcpy.obj
 0001:00001998       TrailDown1                 00402998 f   LIBC:memcpy.obj
 0001:000019a8       TrailDown2                 004029a8 f   LIBC:memcpy.obj
 0001:000019bc       TrailDown3                 004029bc f   LIBC:memcpy.obj
 0001:00001444       _getSystemCP               00402444 f   LIBC:mbctype.obj
 0001:0000148e       _CPtoLCID                  0040248e f   LIBC:mbctype.obj
 0001:000014c1       _setSBCS                   004024c1 f   LIBC:mbctype.obj
 0001:000014ea       _setSBUpLow                004024ea f   LIBC:mbctype.obj
 0001:00000c94       _gu_return                 00401c94 f   LIBC:exsup.obj
 0001:00000c9c       __unwind_handler           00401c9c f   LIBC:exsup.obj
 0001:0000054d       _parse_cmdline             0040154d f   LIBC:stdargv.obj
 0001:000003b8       _xcptlookup                004013b8 f   LIBC:winxfltr.obj
 0001:000001c4       _doexit                    004011c4 f   LIBC:crt0dat.obj
 0001:0000025d       __initterm                 0040125d f   LIBC:crt0dat.obj
 0001:00000133       _fast_error_exit           00401133 f   LIBC:crt0.obj

// Source line information
Line numbers for .\Release\crash.obj(E:\OspDemo小程序\crash\crash.cpp) segment .text    

     5 0001:00000000     6 0001:00000006     8 0001:0000000a     9 0001:0000000e
    10 0001:0000001f    13 0001:00000023    14 0001:00000026    15 0001:0000002b
    16 0001:0000002d

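Analysis:

1. The crash address is an absolute address. From the Rva+Base column of the MAP file, the crash address 0x0040101a lies between Crash (00401000) and main (00401023), so the crash must be inside the Crash function, but it is not yet clear on which line.

Here, the Address column is the function's offset within its section.

2. The last part of the MAP file is the line numbers information, which is shown in this form:

10 0001:0000001f

The first number is the line number in the source code; the second is the offset of that line's code within the code section it belongs to.

To find the source line, do some hexadecimal subtraction using the following formula:

Crash line offset = Crash Address - ImageBase Address - offset of the code section in the PE file (for example, 0x1000)

For this example: crash line offset = 0x0040101a - 0x00400000 - 0x1000 = 0x0040101a - 0x00401000 = 0x1a;

This falls between 9 0001:0000000e and 10 0001:0000001f. Checking the source then confirms that the crash is on line 9, i.e. i /= (j-1). That completes locating the crash in the Release build.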
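The lookup from the analysis above, automated as an added example (not code from the original post): it parses the "Publics by Value" and "Line numbers" parts of a map file and resolves a crash address to function, offset and source line. The embedded map text is a trimmed copy of the listing in section 4 with the source path shortened; the `load_base` parameter, for a module loaded away from its preferred address, is an assumption that goes beyond the page's case.

```python
import bisect
import re

# Trimmed copy of the VC6 map file from section 4 (source path shortened).
MAP_TEXT = r"""
 crash

 Timestamp is 57342463 (Thu May 12 14:36:19 2016)

 Preferred load address is 00400000

 Start         Length     Name                   Class
 0001:00000000 00004152H .text                   CODE

  Address         Publics by Value              Rva+Base     Lib:Object

 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000023       _main                      00401023 f   crash.obj
 0001:0000002f       _mainCRTStartup            0040102f f   LIBC:crt0.obj
 0002:00000000       __imp__GetCommandLineA@0   00406000     kernel32:KERNEL32.dll

Line numbers for .\Release\crash.obj(crash.cpp) segment .text

     5 0001:00000000     6 0001:00000006     8 0001:0000000a     9 0001:0000000e
    10 0001:0000001f    13 0001:00000023    14 0001:00000026    15 0001:0000002b
    16 0001:0000002d
"""

HEX4, HEX8 = r"[0-9a-fA-F]{4}", r"[0-9a-fA-F]{8}"
BASE_RE = re.compile(r"Preferred load address is ([0-9a-fA-F]+)")
SYMBOL_RE = re.compile(
    rf"^\s*({HEX4}):({HEX8})\s+(\S+)\s+({HEX8})\s+(f\s+)?(?:i\s+)?(\S+)\s*$")
LINE_RE = re.compile(rf"(\d+)\s+({HEX4}):({HEX8})")


def parse_map(text):
    """Return (image_base, functions, seg_rva, line_records) from map text."""
    image_base, functions, seg_rva, line_records = None, [], {}, []
    in_lines = False
    for raw in text.splitlines():
        m = BASE_RE.search(raw)
        if m:
            image_base = int(m.group(1), 16)
            continue
        if raw.lstrip().startswith("Line numbers for"):
            in_lines = True
            continue
        m = SYMBOL_RE.match(raw)
        if m:
            in_lines = False
            if image_base is None:
                raise ValueError("symbol table before 'Preferred load address'")
            seg, off = int(m.group(1), 16), int(m.group(2), 16)
            addr = int(m.group(4), 16)
            # RVA of the section start, derived rather than assumed to be 0x1000.
            seg_rva.setdefault(seg, addr - image_base - off)
            if m.group(5):  # 'f' flag: the symbol is a function
                functions.append((addr, m.group(3), seg, off))
        elif in_lines:
            for line_no, seg, off in LINE_RE.findall(raw):
                line_records.append((int(seg, 16), int(off, 16), int(line_no)))
    functions.sort()
    line_records.sort()
    return image_base, functions, seg_rva, line_records


def resolve(text, crash_addr, load_base=None):
    """Map a crash address to (function, offset in function, line or None).

    load_base is the address the module was actually loaded at; it defaults
    to the preferred load address recorded in the map file.
    """
    image_base, functions, seg_rva, line_records = parse_map(text)
    if load_base is not None:
        crash_addr = crash_addr - load_base + image_base  # undo relocation
    idx = bisect.bisect_right([f[0] for f in functions], crash_addr) - 1
    if idx < 0:
        return None  # address is below every function in the map
    func_addr, name, seg, func_off = functions[idx]
    # The page's formula: crash address - image base - code section offset.
    seg_off = crash_addr - image_base - seg_rva[seg]
    same_seg = [(off, line) for s, off, line in line_records if s == seg]
    pos = bisect.bisect_right([off for off, _ in same_seg], seg_off) - 1
    line = None
    # Accept the record only if it lies inside the resolved function, so code
    # without line records (the CRT here) does not inherit the last user line.
    if pos >= 0 and same_seg[pos][0] >= func_off:
        line = same_seg[pos][1]
    return name, crash_addr - func_addr, line


if __name__ == "__main__":
    print(resolve(MAP_TEXT, 0x0040101A))
```
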

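5. The cod file

Because VS2010 no longer emits line-number information into the map file (VC6.0 could), the map file alone only tells you which function crashed. To find the exact line, generate a cod file, i.e. a listing that contains the machine code.

First, configure VC2010 to generate the map file and the cod file:

(1) .map file: Property -> Configuration Properties -> Linker -> Debugging, set Generate Map File to Yes (/MAP);

(2) .cod file: Property -> Configuration Properties -> C/C++ -> Output Files, set Assembler Output to Assembly, Machine Code and Source (/FAcs), which produces a listing with machine code and source.

Because this build uses VS2010, the crash address may differ; here the crash address is 0x00401018.

The following MAP file shows which function the crash is in.

0x00401000 < crash address (0x00401018) < 0x00401030, so the crash is in the Crash function.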

Address         Publics by Value              Rva+Base       Lib:Object
 0000:00000000       __except_list              00000000     <absolute>
 0000:00000003       ___safe_se_handler_count   00000003     <absolute>
 0000:00000000       ___ImageBase               00400000     <linker-defined>
 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000030       _main                      00401030 f   crash.obj
 0001:0000020d       _mainCRTStartup            0040120d f   LIBCMT:crt0.obj

The cod file is as follows:

; Listing generated by Microsoft (R) Optimizing Compiler Version 16.00.30319.01 

    TITLE   E:\OspDemo小程序\crash\crash.cpp
    .686P
    .XMM
    include listing.inc
    .model  flat

INCLUDELIB LIBCMT
INCLUDELIB OLDNAMES

PUBLIC  ?Crash@@YAXXZ                   ; Crash
; Function compile flags: /Odtp
; File e:\ospdemo小程序\crash\crash.cpp
_TEXT   SEGMENT
_j$ = -2                       ; size = 1
_i$ = -1                       ; size = 1
?Crash@@YAXXZ PROC                  ; Crash

; 5    : {

  00000 55       push    ebp
  00001 8b ec        mov     ebp, esp
  00003 51       push    ecx

; 6    :   s8 i = 1;

  00004 c6 45 ff 01  mov     BYTE PTR _i$[ebp], 1

; 7    :
; 8    :   s8 j = 1;

  00008 c6 45 fe 01  mov     BYTE PTR _j$[ebp], 1

; 9    :   i /= (j-1);

  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al

; 10   : }

  0001d 8b e5        mov     esp, ebp
  0001f 5d       pop     ebp
  00020 c3       ret     0
?Crash@@YAXXZ ENDP                  ; Crash
_TEXT   ENDS
PUBLIC  _main
; Function compile flags: /Odtp
_TEXT   SEGMENT
_main   PROC

; 13   : {

  00030 55       push    ebp
  00031 8b ec        mov     ebp, esp

; 14   :    Crash();

  00033 e8 00 00 00 00   call    ?Crash@@YAXXZ      ; Crash

; 15   :    return 0;

  00038 33 c0        xor     eax, eax

; 16   : } 

  0003a 5d       pop     ebp
  0003b c3       ret     0
_main   ENDP
_TEXT   ENDS
END

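In "; 5 : {", the "{" after the colon is the statement from the source file, and the "5" before the colon is that statement's line number in the source file. After it come the offset address, the machine code bytes and the assembly code that the statement was compiled to. For example: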

00000 55 push ebp

00001 8b ec mov ebp, esp

00003 51 push ecx

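Here "00000" is the offset from the start address of the function, "55" is the compiled machine code, and "push ebp" is the assembly code. The cod file shows that one C/C++ statement is usually compiled into several assembly instructions. In addition, some assembly statements are too long and are displayed over several lines, for example: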

  ; 9    :   i /= (j-1);
  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al

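Here "0000c" is the relative offset. In a debug build this value is relative to the start address of the function (so the first instruction of every function has offset 0000); in a release build it is relative to the first instruction of the code segment (so the first instruction of the code segment has offset 0000, and the first instruction of each later function does not). "0f be 4d fe" is the compiled machine code, "movsx ecx, BYTE PTR _j$[ebp]" is the assembly code, and in assembly everything after ";" is a comment.

6. Locating the crash line number

First, crash offset = address of the crashing instruction - start address of the crashing function

That is, crash offset = 0x00401018 - 0x00401000 = 0x18;

Looking up that relative offset in Crash gives 00018 f7 f9 idiv ecx, which places the crash on line 9, i.e. i /= (j-1).

Note: the cod file can also be used to examine cases where the debug build crashes but the release build runs normally, or the reverse.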
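The section 6 lookup as a script. This is an added example, not code from the original article: it scans a /FAcs listing for the named PROC and returns the source line and instruction whose byte range contains the crash address. The sample is the page's listing for Crash with blank lines and the empty line-7 marker dropped; it assumes each instruction's bytes fit on one listing line, and it uses the first offset listed in the PROC as the function start so that listings whose offsets do not restart at 00000 per function are handled too.

```python
import re

# Constructed sample: the Crash PROC from this page's /FAcs listing, blank lines removed.
SAMPLE_COD = """\
?Crash@@YAXXZ PROC                  ; Crash
; 5    : {
  00000 55       push    ebp
  00001 8b ec        mov     ebp, esp
  00003 51       push    ecx
; 6    :   s8 i = 1;
  00004 c6 45 ff 01  mov     BYTE PTR _i$[ebp], 1
; 8    :   s8 j = 1;
  00008 c6 45 fe 01  mov     BYTE PTR _j$[ebp], 1
; 9    :   i /= (j-1);
  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al
; 10   : }
  0001d 8b e5        mov     esp, ebp
  0001f 5d       pop     ebp
  00020 c3       ret     0
?Crash@@YAXXZ ENDP                  ; Crash
"""

PROC_RE = re.compile(r"^(\S+)\s+PROC\b")
SRC_RE = re.compile(r"^;\s*(\d+)\s*:(.*)$")
INS_RE = re.compile(r"^\s+([0-9a-f]{5})\s+((?:[0-9a-f]{2}\s+)+)(.*)$")

def locate(cod, symbol, func_start, crash_addr):
    """Return (source_line, source_text, instruction) for crash_addr inside `symbol`, else None."""
    current, src, base = None, (None, ""), None
    for row in cod.splitlines():
        if (m := PROC_RE.match(row)):
            current, base = m[1], None
        elif current == symbol and (m := SRC_RE.match(row)):
            src = (int(m[1]), m[2].strip())
        elif current == symbol and (m := INS_RE.match(row)):
            off, size = int(m[1], 16), len(m[2].split())
            base = off if base is None else base  # listing offset of the function's first byte
            if off <= base + crash_addr - func_start < off + size:
                return src[0], src[1], m[3].strip()
    return None
```

The function start passed in is the Rva+Base value of the symbol from the MAP file, 00401000 for Crash in this build.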

Note: this article was compiled from articles found online.

Time: 2024-10-09 12:19:07
