Hi list,
I encounter a problem with the TEB parser.
Enabling the builtin olepro32 and running winedbg on a program that needs it stops with the following errors when halting on a read access to 0x0. What could I do to debug this?
First chance exception: page fault on read access to 0x00000000 in 32-bit code (0x00000000).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:008f GS:04c7
 EIP:00000000 ESP:405c25f0 EBP:4000b6c9 EFLAGS:00010206( R- 00 I - -P1 )
 EAX:400136bc EBX:400134c0 ECX:4000bd00 EDX:400136bc
 ESI:00000000 EDI:00000000
Stack dump:
0x405c25f0 (NTDLL.DLL.sqrt+0x396ccc): *** Invalid address 0x405c25f0 (NTDLL.DLL.sqrt+0x396ccc)
0011: sel=008f base=4013e0c0 limit=00000fff 32-bit rw-
Backtrace:
=>0 0x00000000 (ebp=4000b6c9)
Can't read TEB:cur_stack
0x00000000: *** Invalid address 0x00000000 -- no code --
Excuse me - wanted to say: Enabling the native olepro32. :\

--- Sylvain Petreolle spetreolle@yahoo.fr wrote:
> Hi list,
> I encounter a problem with the TEB parser.
> Enabling the builtin olepro32 and running winedbg on a program that needs
Sylvain Petreolle wrote:
> Hi list,
> I encounter a problem with the TEB parser.
> Enabling the builtin olepro32 and running winedbg on a program that needs it stops with the following errors when halting on a read access to 0x0. What could I do to debug this?
> First chance exception: page fault on read access to 0x00000000 in 32-bit code (0x00000000).
> Register dump:
>  CS:0023 SS:002b DS:002b ES:002b FS:008f GS:04c7
>  EIP:00000000 ESP:405c25f0 EBP:4000b6c9 EFLAGS:00010206( R- 00 I - -P1 )
>  EAX:400136bc EBX:400134c0 ECX:4000bd00 EDX:400136bc
>  ESI:00000000 EDI:00000000
> Stack dump:
> 0x405c25f0 (NTDLL.DLL.sqrt+0x396ccc): *** Invalid address 0x405c25f0 (NTDLL.DLL.sqrt+0x396ccc)
> 0011: sel=008f base=4013e0c0 limit=00000fff 32-bit rw-
> Backtrace:
> =>0 0x00000000 (ebp=4000b6c9)
> Can't read TEB:cur_stack
> 0x00000000: *** Invalid address 0x00000000 -- no code --
the call stack is rather ugly (or winedbg cannot look into it correctly)
anyway, the difference between esp and ebp is rather big... and esp and ebp seem to point nowhere (cause of the bad backtrace)
sounds like a stack corruption, showing up while exiting a stack frame, but getting to the cause is another story...

to debug this:
- try to know which function the app was in before the crash (relay trace, and then single step)
- and then look at info on the stack

but this may take you lots of time
A+
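
The register observations made in the reply above (EIP at 0, ESP and EBP far apart), turned into a small triage check over the quoted register dump. This is an added Python example, not part of the original thread or of winedbg; the 1 MiB gap threshold and the EBP alignment check are assumptions of this example, and the findings are hints, not proof of stack corruption.

```python
import re

# Register dump copied from the winedbg output quoted in this thread
# (the decoded EFLAGS bits in parentheses are left out).
DUMP = """\
CS:0023 SS:002b DS:002b ES:002b FS:008f GS:04c7
EIP:00000000 ESP:405c25f0 EBP:4000b6c9 EFLAGS:00010206
EAX:400136bc EBX:400134c0 ECX:4000bd00 EDX:400136bc
ESI:00000000 EDI:00000000
"""

# Assumed threshold: ESP and EBP of one live frame are normally far less
# than 1 MiB apart on a 32-bit thread stack.
MAX_FRAME_GAP = 1 << 20

REG_RE = re.compile(r"\b([A-Z]{2,6}):([0-9a-fA-F]{4,8})\b")


def parse_registers(text):
    """Return {name: int} for every NAME:hex pair in a register dump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(text)}


def triage(regs):
    """Return hints that the saved frame or return address was overwritten."""
    findings = []
    if regs["EIP"] == 0:
        findings.append("EIP is 0: execution jumped to NULL "
                        "(overwritten return address or NULL function pointer)")
    gap = abs(regs["ESP"] - regs["EBP"])
    if gap > MAX_FRAME_GAP:
        findings.append(f"ESP and EBP are 0x{gap:x} bytes apart: "
                        "EBP cannot be walked as a frame chain for this stack")
    if regs["EBP"] % 4:
        # Assumption: a saved 32-bit frame pointer is 4-byte aligned.
        findings.append(f"EBP 0x{regs['EBP']:08x} is not 4-byte aligned: "
                        "it does not look like a frame pointer")
    return findings


if __name__ == "__main__":
    for hint in triage(parse_registers(DUMP)):
        print("-", hint)
```
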