Hi,
Someone sent me a debug version of a Windows dll and a map file. I'm not a Windows programmer, and I'm not sure how to use the map file. For instance, I get a runtime error dialog. With backtrace in winedbg I get this:
...
29 0x400bf58d (NTDLL.DLL.RtlRaiseException+0x5 in NTDLL.DLL) (ebp=4083f9dc)
30 0x100771e9 (LIBDEBUG.DLL.EntryPoint+0x1609 in LIBDEBUG.DLL) (ebp=4083fa1c)
31 0x10097138 (LIBDEBUG.DLL.NIUIAEntry+0x1ad8 in LIBDEBUG.DLL) (ebp=4083fa8c)
32 0x100012b2 (LIBDEBUG.DLL..text+0x2b2 in LIBDEBUG.DLL) (ebp=4083fbf8)
...
I assume that everything above NTDLL.DLL.RtlRaiseException is just code to put up the dialog box, and that the problem is at 0x100771e9 (LIBDEBUG.DLL.EntryPoint+0x1609...
If I look for 0x100771e9 in the map file, the closest thing I find is this:
0001:00076ed0 _realloc 10077ed0 f LIBCMTD:dbgheap.obj
0001:00076f00 __realloc_dbg 10077f00 f LIBCMTD:dbgheap.obj
0001:000774b0 __expand 100784b0 f LIBCMTD:dbgheap.obj
0001:000774e0 __expand_dbg 100784e0 f LIBCMTD:dbgheap.obj
Am I correct to assume that realloc_dbg throws an exception?
If I look for 0x100012b2 (LIBDEBUG.DLL..text+0x2b2), the closest I find is:
0001:000011d0 ?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z...
That would make sense, we are trying to grow a string, calling realloc, etc. The entry in the middle:
31 0x10097138 (LIBDEBUG.DLL.NIUIAEntry+0x1ad8 in LIBDEBUG.DLL) (ebp=4083fa8c)
points to:
0001:00097140 ?onEvent@Application@UIA@NI@@MAE_NIPAVEventData@23@@Z ...
I don't understand how this relates to the other two.
Are there any tools that could help understand better what's going on? Are there any tools to demangle the C++ names? I tried c++filt and not surprisingly it did not understand these symbols.
Thanks,
Dan Timis
Muse Research, Inc.
On Fri, 30 Jul 2004 17:17:42 -0700, Dan Timis wrote:
> Someone sent me a debug version of a Windows dll and a map file. I'm not a Windows programmer, and I'm not sure how to use the map file. For instance, I get a runtime error dialog. With backtrace in winedbg I get this:
Another technique you could use is a +relay,+snoop,+seh,+tid trace, that way you can see the calls being made just before the crash.
> Are there any tools that could help understand better what's going on? Are there any tools to demangle the C++ names? I tried c++filt and not surprisingly it did not understand these symbols.
winedump can demangle MSVC++ symbol names.
thanks -mike
> Someone sent me a debug version of a Windows dll and a map file. I'm not a Windows programmer, and I'm not sure how to use the map file.
Look on the microsoft site for crashfinder (it's from a MS Journal article). It reads the mapfile(s), you can enter an address and it returns you the matching function. (And if you fail to find it I can send it to you. That should be legal as the source code is freely available.)
bye Fabi
Fabian Cenedese wrote:
>> Someone sent me a debug version of a Windows dll and a map file. I'm not a Windows programmer, and I'm not sure how to use the map file.
> Look on the microsoft site for crashfinder (it's from a MS Journal article). It reads the mapfile(s), you can enter an address and it returns you the matching function. (And if you fail to find it I can send it to you. That should be legal as the source code is freely available.)
You can also find this application on the CD of the book "Debugging Applications" by John Robbins (from the "MSDN Bugslayer" column).
See also http://www.wintellect.com/about/instructors/robbins/code.aspx for his available code.
--- Jeroen
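The address-to-function lookup discussed in this thread, as an added example that is not part of any poster's message and is not crashfinder's code: it resolves a backtrace address to the last map symbol whose Rva+Base value is at or below it. The function names, the `rebase_delta` parameter and the first sample entry (`_constructed_fn`) are assumptions made for illustration; the other four sample lines are the ones quoted in the first post.

```python
import bisect
import re

# First entry is constructed so the sample has a symbol below the crash
# address; the remaining four lines are the map entries quoted in the post.
SAMPLE_MAP = """\
 0001:00076000       _constructed_fn            10077000 f   constructed.obj
 0001:00076ed0       _realloc                   10077ed0 f   LIBCMTD:dbgheap.obj
 0001:00076f00       __realloc_dbg              10077f00 f   LIBCMTD:dbgheap.obj
 0001:000774b0       __expand                   100784b0 f   LIBCMTD:dbgheap.obj
 0001:000774e0       __expand_dbg               100784e0 f   LIBCMTD:dbgheap.obj
"""

# section:offset, public name, Rva+Base; flags and module may follow.
SYMBOL_LINE = re.compile(
    r"^\s*[0-9a-fA-F]{4}:[0-9a-fA-F]{8}\s+(\S+)\s+([0-9a-fA-F]{8})\b")


def load_symbols(map_text):
    """Return (address, name) pairs sorted by the Rva+Base column."""
    symbols = []
    for line in map_text.splitlines():
        match = SYMBOL_LINE.match(line)
        if match:  # headers and section-table lines do not match
            symbols.append((int(match.group(2), 16), match.group(1)))
    symbols.sort()
    return symbols


def resolve(symbols, address, rebase_delta=0):
    """Map a runtime address to (name, offset); None if below every symbol.

    rebase_delta (assumption) is the actual load base minus the base the
    map was linked for; 0 means the DLL loaded where the map expects.
    """
    target = address - rebase_delta
    addresses = [addr for addr, _ in symbols]
    index = bisect.bisect_right(addresses, target) - 1
    if index < 0:
        return None
    start, name = symbols[index]
    return name, target - start


if __name__ == "__main__":
    hit = resolve(load_symbols(SAMPLE_MAP), 0x100771E9)
    print(hit[0], hex(hit[1]))
```

The match is made against the Rva+Base column, not the section:offset column, and the result is only as good as the symbol list: an address past the end of a function is still attributed to the last symbol that starts before it.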