什么是“中断指令异常”？在WinDbg中？ [英] What is the "Break instruction exception" in WinDbg?

查看：127 发布时间：2020/9/23 20:06:26 windows heap windbg breakpoints corruption

本文介绍了什么是“中断指令异常”？在WinDbg中？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在调试一些随机的崩溃错误，但实际上很难深入研究。因为当我打开故障转储时，只会发现一个错误：

  0：000> .exr -1 
异常地址：00000000 
异常代码：80000003（中断指令异常）
异常标志：00000000 
 NumberParameters：0

实际上我没有在代码中设置任何硬代码断点，因此我在Google中搜索此异常，有人说此异常可能是由堆损坏引起的。
所以我的问题是，
除了硬代码断点，调试时的手动断点，堆损坏之外，还有什么其他原因导致此异常？

另一个问题是，我尝试使用应用程序验证程序检查堆损坏，我了解它是如何工作的，应用程序验证程序将在堆损坏时触发中断指令异常。但是目前，我在没有应用验证程序的情况下运行，谁会引发中断指令异常？

其他信息：当前线程的调用堆栈。

  * 0：000> k 
 ChildEBP RetAddr 
 0012f96c 7c827d19 ntdll！KiFastSystemCallRet 
 0012f970 77e6202c ntdll！NtWaitForMultipleObjects + 0xc 
 0012fa18 7739bbd1 kernel32！WaitForMultipleObjectsExb + 0x11！ b $ b 0012fab8 3b32b9bd msenv！EnvironmentMsgLoop + 0x1ea 
 0012fae4 3b32b94d msenv！CMsoCMHandler :: FPushMessageLoop + 0x86 
 0012fb0c 3b32b8oop9 msenv！SCM :: FPushbfb + 0x28 
 0012fb48 3b32be4e msenv！CMsoComponent :: PushMsgLoop + 0x28 
 0012fbe0 3b327561 msenv！VStudioMainLogged + 0x482 
 0012fc0c 3000a4a6 msenv！VStudioMain + 0xc1 
 0000 b $ b 0012ff14 3000760c devenv！CDevEnvAppId :: Run + 0x91f 
 0012ff30 30007680 devenv！WinMain + 0x74 
 0012ffc0 77e6f23b devenv！License :: GetPID + 0x258 
 0012fff0 00000000 0

我们的应用程序是Visual Studio软件包。 / p>

以下是！analyze -v

  0：000>的结果;分析-v 
 ********************************************** ****************************************** 
 * * 
 *异常分析* 
 * * 
 ******************************************* ******************************************** 
 
 ** *警告：无法验证mscorlib.ni.dll 
的校验和******************************************** 
 *** *** 
 *** *** 
 ***您的调试器未使用正确的符号*** 
 *** *** 
 ***为了执行此命令要正常工作，您的符号路径*** 
 ***必须具有完整类型信息的.pdb文件的int值。 *** 
 *** *** 
 ***某些.pdb文件（例如公共OS符号）不*** 
 ***包含必需的信息。如果需要此命令来使
 ***工作，请与*** 
 ***为您提供这些符号的小组联系。 *** 
 *** *** 
 ***引用类型：kernel32！pNlsUserInfo *** 
 *** *** 
 ******* ****************************************************** **************** 
 ****************************** *********************************************** 
 *** *** 
 *** *** 
 ***您的调试器未使用正确的符号*** 
 *** *** 
 ***按顺序为了使此命令正常运行，您的符号路径*** 
 ***必须指向具有完整类型信息的.pdb文件。 *** 
 *** *** 
 ***某些.pdb文件（例如公共OS符号）不*** 
 ***包含必需的信息。如果需要此命令来使
 ***工作，请与*** 
 ***为您提供这些符号的小组联系。 *** 
 *** *** 
 ***引用类型：kernel32！pNlsUserInfo *** 
 *** *** 
 ******* ****************************************************** **************** 
 
 FAULTING_IP：
 +0 
 00000000 ?? ??? 
 
 EXCEPTION_RECORD：ffffffff-（.exr 0xffffffffffffffff）
异常地址：00000000 
 ExceptionCode：80000003（中断指令异常）
 ExceptionFlags：00000000 
 Number参数： 0 
 
 FAULTING_THREAD：00001f1c 
 
 DEFAULT_BUCKET_ID：STATUS_BREAKPOINT 
 
 PROCESS_NAME：devenv.exe 
 
 ERROR_CODE：（NTSTATUS）0x80000003 -{EXCEPTION}断点已达到断点。 
 
 EXCEPTION_CODE：（HRESULT）0x80000003（2147483651）-一个或多个参数无效
 
 NTGLOBALFLAG：0 
 
 APPLICATION_VERIFIER_FLAGS：0 
 
 MANAGED_STACK：
 SP IP功能
 0012E584 09C8A903 Microsoft_VisualStudio_Design！Microsoft.VisualStudio.NativeMethods.ThrowOnFailure（Int32，Int32 []）+ 0x3b 
 0012E590 09C8C604 Microsoft_VisualStudio_Design！Microsoft.VisualStudioDesign。 .VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged（UInt32，System.Object，System.Object）+ 0x144 
 
 StackTraceString：< none> 
 HResult：80004005 
 
 EXCEPTION_OBJECT：！pe 3115d464 
异常对象：3115d464 
异常类型：System.Runtime.InteropServices.COMException 
消息：错误HRESULT E_FAIL已从对COM组件的调用返回。 
 InnerException：< none> 
 StackTrace（生成）：
 SP IP功能
 0012E584 09C8A903 Microsoft_VisualStudio_Design！Microsoft.VisualStudio.NativeMethods.ThrowOnFailure（Int32，Int32 []）+ 0x3b 
 0012E590 09C8C604 Microsoft_VisualStudio_Design！Microsoft。 VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged（UInt32，System.Object，System.Object）+ 0x144 
 
 StackTraceString：< none> 
 HResult：80004005 
 
 MANAGED_OBJECT：！dumpobj 3201988 
名称：System.String 
 MethodTable：79330a00 
 EEClass：790ed64c 
大小：158 （0x9e）字节
（C：\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll）
字符串：错误HRESULT E_FAIL已从调用返回到COM组件。 
字段：
 MT字段偏移量类型VT属性值名称
 79332c4c 4000096 4 System.Int32 1实例71 m_arrayLength 
 79332c4c 4000097 8 System.Int32 1实例70 m_stringLength 
 793316e0 4000098 c System.Char 1实例45 m_firstChar 
 79330a00 4000099 10 System.String 0共享的静态空
>域：值00219c28：03031198<< 
 79331630 400009a 14 System.Char [] 0共享静态空白Chars 
>>域：值00219c28：03031798<< 
 
 EXCEPTION_MESSAGE：错误HRESULT E_FAIL已从对COM组件的调用返回。 
 
MANAGED_OBJECT_NAME：System.Runtime.InteropServices.COMException 
 
LAST_CONTROL_TRANSFER：从7c827d19到7c82860c 
 
PRIMARY_PROBLEM_CLASS：STATUS_BREAKPOINT 
 
 BUGCHECK_STR：APPLICATION_FAULT_STATUS_BREAKPOINT 
 
 STACK_TEXT：
 09c8a903 Microsoft_VisualStudio_Design！Microsoft.VisualStudio.NativeMethods.ThrowOnFailure 
 09c8c604 Microsoft_VisualStudio_Design！Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.Visual.Studio IVsSelectionEvents.OnElementValueChanged 
 
 
 STACK_COMMAND：dds 12e584； kb 
 
 FOLLOWUP_IP：
 + 9c8a903 
 09c8a903 8bc6 mov eax，esi 
 
 SYMBOL_STACK_INDEX：0 
 
 SYMBOL_NAME：Microsoft_VisualStudio_Design！ Microsoft.VisualStudio.NativeMethods.ThrowOnFailure + 9c8a903 
 
 FOLLOWUP_NAME：MachineOwner 
 
 MODULE_NAME：Microsoft_VisualStudio_Design 
 
 IMAGE_NAME：Microsoft.VisualStudio.Design.dll 
 
 DEBUG_FLR_IMAGE_TIMESTAMP：0 
 
 FAILURE_BUCKET_ID：STATUS_BREAKPOINT_80000003_Microsoft.VisualStudio.Design.dll！Microsoft.VisualStudio.NativeMethods.ThrowOnFailure 
 
BUCKET_ID：APPLICATION_Studio.STATUS＃！ NativeMethods.ThrowOnFailure + 9c8a903 
 
后续行动：MachineOwner

...

在托管堆栈中，有一个显式错误Microsoft.VisualStudio.NativeMethods.ThrowOnFailure ..
但这意味着com异常导致中断指令异常吗？ / p>

！分析似乎只是转储了托管级别，com异常可能是托管级别中的最后一个错误。

我还搜索了一些有关中断和通常，可以在以下情况下触发break指令异常：
1.硬代码中断请求，例如：__asm int 3（ASM），System.Diagnostics.Debugger.Break（C＃），DebugBreak（）（WinAPI）。
2. OS启用了内存运行时检查，就像Application Verifier可以在堆损坏，内存溢出后触发。
3.编译器可以进行一些配置，以填充应为未初始化的存储块和函数结尾填充的内容（重新调谐后为空白）。例如，如果启用/ GZ，则Microsoft VC编译器可以填充0xCC。 0xCC实际上是__asm int 3的操作码。因此，如果某些错误导致应用程序运行到此类块中，将触发断点。

正确吗？

如果那样的话，我认为应用程序验证程序应该是找到根本原因的最佳选择。

解决方案

供以后参考，由于您需要将Windows符号添加到Windbg符号路径，因此导致您的调试器未使用正确的符号警告。操作方法如下：

自动设置Microsoft符号服务器路径：

  0：000> .symfix

您也可以指定其他位置来下载符号，例如：

  0：000> .sympath + c：\myproject

检查当前符号搜索路径：

  0：000> .sympath

您应该看到以下内容：

  SRV ** http：//msdl.microsoft.com/download/symbols

重新加载符号：

  0：000> .reload

然后，您将可以使用以下命令查看有关当前异常的信息：

  0：000> ！analyze -v

您应该看到类似于以下内容的行：

  ExceptionCode：c0000005（访问冲突）

祝您好运，修复错误！

I'm debugging some random crash bugs, but actually very difficult to go deep into. Because when i open crash dump, only find one error:

0:000> .exr -1
ExceptionAddress: 00000000
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 0

Actually i haven't set any hard-code breakpoint in code, so i search about this exception in google, some people said this exception may be caused by heap corruption. So my question is, Is there any other reason why cause this exception, except hard-code breakpoint, manual breakpoint while debugging, heap corruption?

Another question is, i try to use Application Verifier to check heap corruption, i understand how does it work, app verifier will trigger break instruction exception while heap corruption. But currently, i run without app verifier, who will raise the break instruction exception?

Additional info: call stack for current thread.

*0:000> k
ChildEBP RetAddr  
0012f96c 7c827d19 ntdll!KiFastSystemCallRet
0012f970 77e6202c ntdll!NtWaitForMultipleObjects+0xc
0012fa18 7739bbd1 kernel32!WaitForMultipleObjectsEx+0x11a
0012fa74 3b288523 user32!RealMsgWaitForMultipleObjectsEx+0x141
0012fab8 3b32b9bd msenv!EnvironmentMsgLoop+0x1ea
0012fae4 3b32b94d msenv!CMsoCMHandler::FPushMessageLoop+0x86
0012fb0c 3b32b8e9 msenv!SCM::FPushMessageLoop+0xb7
0012fb28 3b32b8b8 msenv!SCM_MsoCompMgr::FPushMessageLoop+0x28
0012fb48 3b32be4e msenv!CMsoComponent::PushMsgLoop+0x28
0012fbe0 3b327561 msenv!VStudioMainLogged+0x482
0012fc0c 3000a4a6 msenv!VStudioMain+0xc1
0012fc38 30007301 devenv!util_CallVsMain+0xff
0012ff14 3000760c devenv!CDevEnvAppId::Run+0x91f
0012ff30 30007680 devenv!WinMain+0x74
0012ffc0 77e6f23b devenv!License::GetPID+0x258
0012fff0 00000000 kernel32!BaseProcessStart+0x23*

Our application is a Visual Studio Package.

Below is the result from !analyze -v

0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
+0
00000000 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00001f1c

DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT

PROCESS_NAME:  devenv.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

MANAGED_STACK: 
SP       IP       Function
    0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
    0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144

StackTraceString: <none>
HResult: 80004005

EXCEPTION_OBJECT: !pe 3115d464
Exception object: 3115d464
Exception type: System.Runtime.InteropServices.COMException
Message: Error HRESULT E_FAIL has been returned from a call to a COM component.
InnerException: <none>
StackTrace (generated):
    SP       IP       Function
    0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
    0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144

StackTraceString: <none>
HResult: 80004005

MANAGED_OBJECT: !dumpobj 3201988
Name: System.String
MethodTable: 79330a00
EEClass: 790ed64c
Size: 158(0x9e) bytes
 (C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: Error HRESULT E_FAIL has been returned from a call to a COM component.
Fields:
      MT    Field   Offset                 Type VT     Attr    Value Name
79332c4c  4000096        4         System.Int32  1 instance       71 m_arrayLength
79332c4c  4000097        8         System.Int32  1 instance       70 m_stringLength
793316e0  4000098        c          System.Char  1 instance       45 m_firstChar
79330a00  4000099       10        System.String  0   shared   static Empty
    >> Domain:Value  00219c28:03031198 <<
79331630  400009a       14        System.Char[]  0   shared   static WhitespaceChars
    >> Domain:Value  00219c28:03031798 <<

EXCEPTION_MESSAGE:  Error HRESULT E_FAIL has been returned from a call to a COM component.

MANAGED_OBJECT_NAME:  System.Runtime.InteropServices.COMException

LAST_CONTROL_TRANSFER:  from 7c827d19 to 7c82860c

PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_BREAKPOINT

STACK_TEXT:  
09c8a903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure
09c8c604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged


STACK_COMMAND:  dds 12e584 ; kb

FOLLOWUP_IP: 
+9c8a903
09c8a903 8bc6            mov     eax,esi

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Microsoft_VisualStudio_Design

IMAGE_NAME:  Microsoft.VisualStudio.Design.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  STATUS_BREAKPOINT_80000003_Microsoft.VisualStudio.Design.dll!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure

BUCKET_ID:  APPLICATION_FAULT_STATUS_BREAKPOINT_Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903

Followup: MachineOwner

...

In the managed stack, there is a explicit error,Microsoft.VisualStudio.NativeMethods.ThrowOnFailure.. But that means the com exception cause the break instruction exception?

!analyze seems just dump the managed level, the com exception maybe the last error in the managed level.

I also search something about interrupt and exception from google, Normally, the break instruction exception can be triggered in following conditions: 1. Hardcode interrupt request, like: __asm int 3 (ASM), System.Diagnostics.Debugger.Break (C#), DebugBreak() (WinAPI). 2. OS enable memory runtime check, like Application Verifier can trigger after heap corruption, memory overrun. 3. Compiler can have some configuration to enble what should be filled for the uninitialized memory block and end of function(blank area, after retun..). For example, Microsoft VC complier can fill 0xCC if enable /GZ. 0xCC is actually a opcode of __asm int 3. So if some error cause the application run into such block, will trigger a break point.

Correct?

If that, I think Application Verifier should be best choice to find the root cause.

解决方案

For future reference, the Your debugger is not using the correct symbols warning is caused because you need to add Windows symbols to the Windbg symbols path. Here is how to do that:

Set Microsoft symbol server path automatically:

0:000> .symfix

Optionally you can specify an additional location where to download symbol from, e.g.:

0:000> .sympath+ c:\myproject

Check current symbol search path:

0:000> .sympath

You should see something like this:

SRV**http://msdl.microsoft.com/download/symbols

Reload symbols:

0:000> .reload

Then, you will be able to see information about the current exception using this command:

0:000> !analyze -v

You should see a line similar to the following:

ExceptionCode: c0000005 (Access violation)

Good luck fixing bugs!

这篇关于什么是“中断指令异常”？在WinDbg中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

什么是“中断指令异常”？在WinDbg中？ [英] What is the "Break instruction exception" in WinDbg?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

什么是“中断指令异常”？在WinDbg中？ [英] What is the &quot;Break instruction exception&quot; in WinDbg?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

什么是“中断指令异常”？在WinDbg中？ [英] What is the "Break instruction exception" in WinDbg?

登录关闭