崩溃分析 WinDbg
本帖最后由 Qter 于 2024-2-22 18:41 编辑D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
!analyze -v
https://zhuanlan.zhihu.com/p/43972006下载,下载官方版本Download Debugging Tools for Windows - WinDbg - Windows driversdocs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-toolshttps://pic4.zhimg.com/v2-20ef38870667e71aeabbc54da52663b7_ipico.jpg
配置https://pic3.zhimg.com/80/v2-daf909a12125edb7b6fd50417912bee2_720w.webp
1.使用dump文件查找崩溃的位置https://pic3.zhimg.com/80/v2-e88ff80aaa672c3eec074ac8bb7e73ce_720w.webp首先打开dump文件。输入!analyze -v(原来写的!anaylze -v 感谢尚逸的提醒) 查看数据https://pic1.zhimg.com/80/v2-c1ade6161cebac3406e7431954372ae0_720w.webp
输入!anaylze -v 查看数据发现什么都没有输入~*kbn 查看所有的线程然后向上查找KERNELBASE!UnhandledExceptionFilter+0x25a 这个一个 未处理的异常https://pic1.zhimg.com/80/v2-98dbe4b79670864c91322d30c481f480_720w.webp
输入~*kbn 查看所有的线程复制第三个参数00b8d9d0输入 dd 00b8d9d0https://pic4.zhimg.com/80/v2-6779e90f06ce323b17b542f9cac6f8cb_720w.webp
输入 dd 00b8d9d0然后输入 .exr 00b8db60(第二个参数)查看上下文 .cxr 00b8dbb0 (第三个参数)https://pic2.zhimg.com/80/v2-c4ae1ac521cb3bb27e73f33e849f4d91_720w.webp
.exr 00b8db60(第二个参数)查看上下文 .cxr 00b8dbb0 (第三个参数)然后kbnhttps://pic3.zhimg.com/80/v2-7687cad85a44dd7111211313fcd7bdbe_720w.webp
kbn然后发现自己熟悉代码双击崩溃位置,发现跳不过去打开call stackhttps://pic4.zhimg.com/80/v2-44c85e54b21d13d03627feccf3344a57_720w.webp
打开call stack双击崩溃的位置https://pic3.zhimg.com/80/v2-4d34c9312cd9948c22a1f870d7548f0e_720w.webp
双击崩溃的位置成功跳转代码打开localhttps://pic3.zhimg.com/80/v2-75ba12f741ae17c55505789d7fd69886_720w.webp
打开local查看崩溃前的数据https://pic3.zhimg.com/80/v2-513767ac13555b8f90bbcee2c45b2016_720w.webp
查看崩溃前的数据这里就可以找到错误的位置以及出问题的原因了。2.调试程序,由于某些情况下,pdb与现在版本不一致(vs中修改了些的代码,或者vs抽风)vs无法附加进程,但是bug又是偶现的,好不容易出现一次又不能破坏现场。就可以直接使用windbg直接附加到进程进行调试程序。https://pic3.zhimg.com/80/v2-3ba57bfc770de6d72bf8224bba1d7536_720w.webphttps://pic3.zhimg.com/80/v2-868d22e388ab4ad2e8b7a93e9b5532b6_720w.webp
附加到进程此时程序会暂停https://pic4.zhimg.com/80/v2-a1661102efab2aaa9864235b38f26d1b_720w.webp打开cpp文件https://pic2.zhimg.com/80/v2-c9a9a38c99781781661ad74810372e45_720w.webp点击上面的小图标,可以打开调用堆栈等窗口。https://pic2.zhimg.com/80/v2-df78bc85f385cfcd02ddc18ff97d8cdd_720w.webp选中你需要调试的代码F9添加断点,跟vs一致。https://pic3.zhimg.com/80/v2-9d7c1d56a90ed4288dda778b7f4dac3e_720w.webp
添加断点F5或者输入g 继续运行https://pic1.zhimg.com/80/v2-05e33636cdeff1ef3c2783793fb2fe7c_720w.webp
断点停止成功可以看到当前运行的数据都可以看到了。
Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
User Mini Dump File: Only registers, stack and portions of memory are available
Error: Change all symbol paths attempts to access 'D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release' failed: 0x7b - 文件名、目录名或卷标语法不正确。
************* Path validation summary **************
Response Time (ms) Location
Error D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
Symbol search path is: D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
Executable search path is:
Windows 10 Version 18362 MP (12 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.18362.1110 (WinBuild.160101.0800)
Machine Name:
Debug session time: Tue Aug 23 17:31:21.000 2022 (UTC + 8:00)
System Uptime: not available
Process Uptime: 3 days 3:37:23.000
................................................................
................................................................
.........................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(42b4.1e54): Unknown exception - code e0000008 (first/second chance not available)
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
Unable to load image C:\Windows\System32\KERNELBASE.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for KERNELBASE.dll
*** ERROR: Module load completed but symbols could not be loaded for KERNELBASE.dll
eax=00000000 ebx=129de91c ecx=00000000 edx=00000000 esi=00000000 edi=00000408
eip=77c52f3c esp=129de0e0 ebp=129de150 iopl=0 nv up ei pl nz ac po nc
cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000212
ntdll+0x72f3c:
77c52f3c c20c00 ret 0Ch
0:047> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information.Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information.Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: $ntdllsym!_CONTEXT ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
***** OS symbols are WRONG. Please fix symbols to do analysis.
Unable to load image C:\Windows\System32\ole32.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ole32.dll
*** ERROR: Module load completed but symbols could not be loaded for ole32.dll
Unable to load image C:\Windows\System32\combase.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for combase.dll
*** ERROR: Module load completed but symbols could not be loaded for combase.dll
*** ERROR: Symbol file could not be found.Defaulted to export symbols for CrashRpt_r.dll -
*** WARNING: Unable to verify timestamp for SogouPY.ime
*** ERROR: Module load completed but symbols could not be loaded for SogouPY.ime
*** WARNING: Unable to verify timestamp for PicFace.dll
*** ERROR: Module load completed but symbols could not be loaded for PicFace.dll
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information.Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information.Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_CONTEXT ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT:(.ecxr)
eax=129def88 ebx=00000170 ecx=00000001 edx=00000000 esi=00000000 edi=6933802c
eip=75ba46d2 esp=129def88 ebp=129defe4 iopl=0 nv up ei pl nz ac pe nc
cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000216
KERNELBASE+0x1146d2:
75ba46d2 8b4c2454 mov ecx,dword ptr ss:002b:129defdc=b8f7255a
Resetting default scope
FAULTING_IP:
KERNELBASE+1146d2
75ba46d2 8b4c2454 mov ecx,dword ptr
EXCEPTION_RECORD:(.exr -1)
ExceptionAddress: 75ba46d2 (KERNELBASE+0x001146d2)
ExceptionCode: e0000008
ExceptionFlags: 00000001
NumberParameters: 1
Parameter: 00000170
BUGCHECK_STR:E94AEEF6
WRONG_SYMBOLS_TIMESTAMP: e94aeef6
WRONG_SYMBOLS_SIZE: 19a000
FAULTING_MODULE: 77be0000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP:e94aeef6
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. ; Followup set based on attribute from Frame: on thread:
ANALYSIS_SESSION_HOST:CY-202010141JOS
ANALYSIS_SESSION_TIME:08-31-2022 10:56:05.0916
ANALYSIS_VERSION: 10.0.17763.132 x86fre
STACK_TEXT:
129def88 75ba46d2 KERNELBASE+0x1146d2
129defec 65a74cfd libcef!cef_string_utf16_to_upper+0x426fd
129df008 664c1511 libcef!cef_time_delta+0x23e16
129df014 65abb104 libcef!cef_string_utf16_to_upper+0x88b04
129df02c 65a5d31e libcef!cef_string_utf16_to_upper+0x2ad1e
129df03c 6472e6d4 libcef!cef_string_multimap_size+0x3fdc0b
129df05c 64741dce libcef!cef_string_multimap_size+0x411305
129df090 64730fe8 libcef!cef_string_multimap_size+0x40051f
129df264 6473629e libcef!cef_string_multimap_size+0x4057d5
129df288 65af1af1 libcef!cef_string_utf16_to_upper+0xbf4f1
129df2c4 640cfcad libcef!cef_zip_reader_create+0x27f19
129df2d8 64425db3 libcef!cef_string_multimap_size+0xf52ea
129df334 646368ca libcef!cef_string_multimap_size+0x305e01
129df3d8 65e34eb1 libcef!cef_string_utf16_to_upper+0x4028b1
129df46c 65d882de libcef!cef_string_utf16_to_upper+0x355cde
129df4e8 65d884c8 libcef!cef_string_utf16_to_upper+0x355ec8
129df570 65d8a4b7 libcef!cef_string_utf16_to_upper+0x357eb7
129df590 648ad33b libcef!cef_string_multimap_size+0x57c872
129df5ac 65a87aa7 libcef!cef_string_utf16_to_upper+0x554a7
129df618 664d9895 libcef!cef_time_delta+0x3c19a
129df6ec 664d9630 libcef!cef_time_delta+0x3bf35
129df74c 664c7438 libcef!cef_time_delta+0x29d3d
129df78c 664da06a libcef!cef_time_delta+0x3c96f
129df7b4 65a764f6 libcef!cef_string_utf16_to_upper+0x43ef6
129df804 65a7636f libcef!cef_string_utf16_to_upper+0x43d6f
129df814 65a9592b libcef!cef_string_utf16_to_upper+0x6332b
129df81c 65a95a93 libcef!cef_string_utf16_to_upper+0x63493
129df868 65a93d75 libcef!cef_string_utf16_to_upper+0x61775
129df88c 75f86359 kernel32+0x16359
129df89c 77c48944 ntdll+0x68944
129df8f8 77c48914 ntdll+0x68914
THREAD_SHA1_HASH_MOD_FUNC:c3ed4354ce909c6ff0339885e25cf45198b1767a
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:a5bed8ebe0fcb2ddbff57df9a5982ba1aac112c8
THREAD_SHA1_HASH_MOD:f948376e29c6ced390fd2053430ccfa5ea9a3883
FOLLOWUP_IP:
KERNELBASE+1146d2
75ba46d2 8b4c2454 mov ecx,dword ptr
FAULT_INSTR_CODE:54244c8b
SYMBOL_STACK_INDEX:0
FOLLOWUP_NAME:MachineOwner
STACK_COMMAND:.ecxr ; kb ; ** Pseudo Context ** Pseudo ** Value: 11f9c5d8 ** ; kb
EXCEPTION_CODE: (NTSTATUS) 0xe94aeef6 - <Unable to get error code text>
EXCEPTION_CODE_STR:E94AEEF6
EXCEPTION_STR:WRONG_SYMBOLS
PROCESS_NAME:ntdll.wrong.symbols.dll
IMAGE_NAME:ntdll.wrong.symbols.dll
MODULE_NAME: ntdll_wrong_symbols
SYMBOL_NAME:ntdll_wrong_symbols!E94AEEF619A000
BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926
DEFAULT_BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926
PRIMARY_PROBLEM_CLASS:WRONG_SYMBOLS
FAILURE_EXCEPTION_CODE:E94AEEF6
FAILURE_IMAGE_NAME:ntdll.wrong.symbols.dll
BUCKET_ID_IMAGE_STR:ntdll.wrong.symbols.dll
FAILURE_MODULE_NAME:ntdll_wrong_symbols
BUCKET_ID_MODULE_STR:ntdll_wrong_symbols
FAILURE_FUNCTION_NAME:E94AEEF619A000
BUCKET_ID_FUNCTION_STR:E94AEEF619A000
BUCKET_ID_OFFSET:0
BUCKET_ID_MODTIMEDATESTAMP:0
BUCKET_ID_MODCHECKSUM:0
BUCKET_ID_MODVER_STR:0.0.0.0
BUCKET_ID_PREFIX_STR:WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926
FAILURE_PROBLEM_CLASS:WRONG_SYMBOLS
FAILURE_SYMBOL_NAME:ntdll.wrong.symbols.dll!E94AEEF619A000
FAILURE_BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.1110_(WinBuild.160101.0800)_TIMESTAMP_940110-224926_E94AEEF6_ntdll.wrong.symbols.dll!E94AEEF619A000
TARGET_TIME:2022-08-23T09:31:21.000Z
OSBUILD:18362
OSSERVICEPACK:1110
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK:256
PRODUCT_TYPE:1
OSPLATFORM_TYPE:x86
OSNAME:Windows 10
OSEDITION:Windows 10 WinNt SingleUserTS
OS_LOCALE:
USER_LCID:0
OSBUILD_TIMESTAMP:2017-09-12 07:43:03
BUILDDATESTAMP_STR:160101.0800
BUILDLAB_STR:WinBuild
BUILDOSVER_STR:10.0.18362.1110
ANALYSIS_SESSION_ELAPSED_TIME:b7
ANALYSIS_SOURCE:UM
FAILURE_ID_HASH_STRING:um:wrong_symbols_x86_10.0.18362.1110_(winbuild.160101.0800)_timestamp_940110-224926_e94aeef6_ntdll.wrong.symbols.dll!e94aeef619a000
FAILURE_ID_HASH:{ff4692e3-d0ff-92f5-0605-0bb0d3e3994d}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.17763.132 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 18363 MP (6 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.18362.329 (WinBuild.160101.0800)
Machine Name:
Debug session time: Wed Aug 31 03:47:35.000 2022 (UTC + 8:00)
System Uptime: not available
Process Uptime: 0 days 3:15:10.000
................................................................
................................................................
................................................................
..........
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(12a84.117d4): Unknown exception - code 00000000 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=000003e8
eip=77ab1e3c esp=0737f1f8 ebp=0737f268 iopl=0 nv up ei pl nz na po nc
cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000202
ntdll!NtWaitForSingleObject+0xc:
77ab1e3c c20c00 ret 0Ch
Error: Change all symbol paths attempts to access 'D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release' failed: 0x7b - 文件名、目录名或卷标语法不正确。
************* Path validation summary **************
Response Time (ms) Location
Error D:\\release\\Package\\mCloudWin(V7.1.2)A001\\pdb:E:\\gitcode\\712\\mCloud_ClientWin712\\dll\\release
*** ERROR: Symbol file could not be found.Defaulted to export symbols for ntdll.dll -
0:013> .reload
..*** ERROR: Symbol file could not be found.Defaulted to export symbols for ntdll.dll -
..............................................................
................................................................
................................................................
..........
*** ERROR: Symbol file could not be found.Defaulted to export symbols for KERNELBASE.dll -
************* Symbol Loading Error Summary **************
Module name Error
ntdll The system cannot find the file specified
KERNELBASE The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
0:013> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information.Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information.Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: $ntdllsym!_CONTEXT ***
*** ***
*************************************************************************
*** ERROR: Symbol file could not be found.Defaulted to export symbols for ucrtbase.dll -
*** ERROR: Symbol file could not be found.Defaulted to export symbols for log4cpp.dll -
*** WARNING: Unable to verify timestamp for mCloud.exe
*** ERROR: Module load completed but symbols could not be loaded for mCloud.exe
*** ERROR: Symbol file could not be found.Defaulted to export symbols for Qt5Core.dll -
*** WARNING: Unable to verify timestamp for cloud.dll
*** ERROR: Module load completed but symbols could not be loaded for cloud.dll
*** ERROR: Symbol file could not be found.Defaulted to export symbols for kernel32.dll -
***** OS symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Symbol file could not be found.Defaulted to export symbols for ole32.dll -
*** ERROR: Symbol file could not be found.Defaulted to export symbols for combase.dll -
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information.Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information.Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_CONTEXT ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT:(.ecxr)
eax=0737f228 ebx=00000000 ecx=00000000 edx=049f43b8 esi=642e4610 edi=049f43b8
eip=642e3842 esp=0737f4fc ebp=0737f878 iopl=0 nv up ei pl nz ac pe nc
cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000216
CrashRpt_r!Ordinal10+0x3842:
642e3842 8b4508 mov eax,dword ptr ss:002b:0737f880=0737f884
Resetting default scope
FAULTING_IP:
CrashRpt_r!Ordinal10+3842
642e3842 8b4508 mov eax,dword ptr
EXCEPTION_RECORD:(.exr -1)
ExceptionAddress: 642e3842 (CrashRpt_r!Ordinal10+0x00003842)
ExceptionCode: 00000000
ExceptionFlags: 00000000
NumberParameters: 0
WRONG_SYMBOLS_TIMESTAMP: 3dcfaabb
WRONG_SYMBOLS_SIZE: 19a000
FAULTING_MODULE: 77a40000 ntdll
DEBUG_FLR_IMAGE_TIMESTAMP:3dcfaabb
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. ; Followup set based on attribute from Frame: on thread:
ANALYSIS_SESSION_HOST:CY-202010141JOS
ANALYSIS_SESSION_TIME:08-31-2022 11:16:35.0154
ANALYSIS_VERSION: 10.0.17763.132 x86fre
STACK_TEXT:
0737f4fc 642e3842 CrashRpt_r!Ordinal10+0x3842
0737f880 642e4683 CrashRpt_r!Ordinal10+0x4683
0737f8bc 759aca3d ucrtbase!get_thread_local_invalid_parameter_handler+0x1dd
0737f934 5baad3d0 log4cpp!log4cpp::FileAppender::_append+0x40
0737f96c 5babb59e log4cpp!log4cpp::RollingFileAppender::_append+0xe
0737f97c 5baa5053 log4cpp!log4cpp::AppenderSkeleton::doAppend+0x33
0737f990 5baaa640 log4cpp!log4cpp::Category::callAppenders+0x30
0737f9a8 5baaa2dd log4cpp!log4cpp::Category::_logUnconditionally2+0x3d
0737fa2c 5baaa333 log4cpp!log4cpp::Category::_logUnconditionally+0x33
0737fa60 5baaa7dc log4cpp!log4cpp::Category::crit+0x2c
0737fa78 010738a7 mCloud+0x738a7
0737faa4 590ee045 Qt5Core!qt_message_output+0x165
0737fadc 590edef3 Qt5Core!qt_message_output+0x13
0737fb20 5a41f7f3 cloud+0x14f7f3
0737fcc0 5a4200e2 cloud+0x1500e2
0737fe48 5a41e0ca cloud+0x14e0ca
0737fe54 590f70c8 Qt5Core!QThreadPoolPrivate::reset+0x1a8
0737feac 590f397c Qt5Core!QThread::start+0x31c
0737fed0 76646359 kernel32!BaseThreadInitThunk+0x19
0737fee0 77aa7c14 ntdll!RtlGetAppContainerNamedObjectPath+0xe4
0737ff3c 77aa7be4 ntdll!RtlGetAppContainerNamedObjectPath+0xb4
THREAD_SHA1_HASH_MOD_FUNC:0656e6cd7b900dce72263212cadce02ceba0688f
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:abd1bc3fa942986f8e3a974a7ab793f393427bb3
THREAD_SHA1_HASH_MOD:237449150da3ad0618a4e5609051d68d97612dcf
FOLLOWUP_IP:
CrashRpt_r!Ordinal10+3842
642e3842 8b4508 mov eax,dword ptr
FAULT_INSTR_CODE:8d08458b
SYMBOL_STACK_INDEX:0
FOLLOWUP_NAME:MachineOwner
STACK_COMMAND:.ecxr ; kb ; ** Pseudo Context ** Pseudo ** Value: 148f6550 ** ; kb
BUGCHECK_STR:3DCFAABB
EXCEPTION_CODE: (NTSTATUS) 0x3dcfaabb - <Unable to get error code text>
EXCEPTION_CODE_STR:3DCFAABB
EXCEPTION_STR:WRONG_SYMBOLS
PROCESS_NAME:ntdll.wrong.symbols.dll
IMAGE_NAME:ntdll.wrong.symbols.dll
MODULE_NAME: ntdll_wrong_symbols
SYMBOL_NAME:ntdll_wrong_symbols!3DCFAABB19A000
BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355
DEFAULT_BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355
PRIMARY_PROBLEM_CLASS:WRONG_SYMBOLS
FAILURE_BUCKET_ID:WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355_3DCFAABB_ntdll.wrong.symbols.dll!3DCFAABB19A000
FAILURE_EXCEPTION_CODE:3DCFAABB
FAILURE_IMAGE_NAME:ntdll.wrong.symbols.dll
BUCKET_ID_IMAGE_STR:ntdll.wrong.symbols.dll
FAILURE_MODULE_NAME:ntdll_wrong_symbols
BUCKET_ID_MODULE_STR:ntdll_wrong_symbols
FAILURE_FUNCTION_NAME:3DCFAABB19A000
BUCKET_ID_FUNCTION_STR:3DCFAABB19A000
BUCKET_ID_OFFSET:0
BUCKET_ID_MODTIMEDATESTAMP:0
BUCKET_ID_MODCHECKSUM:0
BUCKET_ID_MODVER_STR:0.0.0.0
BUCKET_ID_PREFIX_STR:WRONG_SYMBOLS_X86_10.0.18362.329_(WinBuild.160101.0800)_TIMESTAMP_021111-130355
FAILURE_PROBLEM_CLASS:WRONG_SYMBOLS
FAILURE_SYMBOL_NAME:ntdll.wrong.symbols.dll!3DCFAABB19A000
TARGET_TIME:2022-08-30T19:47:35.000Z
OSBUILD:18363
OSSERVICEPACK:778
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK:256
PRODUCT_TYPE:1
OSPLATFORM_TYPE:x86
OSNAME:Windows 10
OSEDITION:Windows 10 WinNt SingleUserTS
OS_LOCALE:
USER_LCID:0
OSBUILD_TIMESTAMP:1982-04-09 08:25:11
BUILDDATESTAMP_STR:160101.0800
BUILDLAB_STR:WinBuild
BUILDOSVER_STR:10.0.18362.329
ANALYSIS_SESSION_ELAPSED_TIME:15c
ANALYSIS_SOURCE:UM
FAILURE_ID_HASH_STRING:um:wrong_symbols_x86_10.0.18362.329_(winbuild.160101.0800)_timestamp_021111-130355_3dcfaabb_ntdll.wrong.symbols.dll!3dcfaabb19a000
FAILURE_ID_HASH:{78ced7a0-5a1c-f23b-6dc7-e64309912087}
Followup: MachineOwner
---------
页:
[1]