调试没有源代码的Windows程序。 [英] Debugging windows program without source code.

问题描述

几天前我在工作中遇到了这个问题，我想知道是否有办法从场景中获取更多数据，而不是去微软。有很多这样的情况，我想探索一下，作为一个Windows开发人员，获取大部分信息的最佳/最佳方式就是这种情况。我将描述这种情况：



1）Office应用程序在使用某些设置进行打印时涉及cmyk颜色空间，会引发一个对话框错误，其中包含错误描述。文件％s无法打开，因为它被某些其他应用程序锁定。它不提供文件名，也不提供事件查看器。打印中止。



2）在使用procmon时，我们发现文件锁定错误。当apiCreatefileMapping时，在几个文件上由办公室应用程序，假脱机程序，splwow64.exe等参与进程调用（是的，它是64位系统，应用程序是32位）。



3）当没有涉及splwow64时问题不存在，意味着在64位操作系统上使用64位应用程序。



我想知道哪些工具对我们有用在这种情况下获得更多信息。这包括在需要时使用带有windbg的MS符号和调试程序集。基本上我需要锁定的文件名，显示为％s和问题的根。

A few days back I faced this problem at work and I was wondering is there a way to mint out more data from the scenario than to go to Microsoft. There has been many cases like this and I wanted to explore that as a windows developer what is the best /optimum way to fetch most of info is such case. I ll describe the situation:

1) An office application, while printing with certain settings ,involving cmyk color space, throws up a dialog box error which has a bad description."File %s could not be opened because it is locked by some other application". It does not give a file name nor does the event viewer. Printing is aborted.

2) on using "procmon", we find "file locked error" on several files when the api "CreatefileMapping" is called by involved processes like the office app, the spooler , the splwow64.exe(yes its a 64 bit system and the app is 32 bit).

3) the problem is not there when there is no splwow64 is involved, means using 64 bit app on 64 bit os.

I want to know that which tools will be useful for getting more info in such situations. This includes use of MS symbols with windbg and debugging assembly if needed. Basically i need the file name that is locked , which is shown as %s and the root of the problem.

推荐答案

这样的调试是可能的，但也不是很有效率很多劳动力。并且调试没有修补PE的能力（我曾经使用系统提供补丁设施，但这远远不是Windows :-)）对你没什么帮助。



但你提到因为它被其他一些应用程序锁定，这很容易检测和修复。



首先，类似这里有很多问题，从这个经验我知道：在大多数情况下，阻止过程就是你自己的过程。您可能忘记在同一个应用程序中处理/关闭某些内容。所以，首先，检查一下。要探索这种可能性，请参阅我过去的答案：

清除C＃中的句柄 [ ^ ]。



在这个答案中，注意使用 / code>语句可以帮助您保证在使用后正确处理相应的文件系统对象，而不是保持文件锁定。



在某些情况下，你真的需要调查哪个进程拥有哪个文件。为此，我建议使用 Sysinternals Suite 中的一个实用程序。这组实用程序（以前来自 Winternals 公司，目前在Microsoft）是必须的对于任何开发人员，请参阅：

http://technet.microsoft.com/en -us / sysinternals / bb842062 [ ^ ]，

http://technet.microsoft.com/en-us/sysinternals / bb545027 [ ^ ]。



您需要的实用程序是 handle.exe ，请参阅：

http://technet.microsoft.com/en-us/sysinternals/bb896655 [ ^ ]。



在您的情况下，您使用文件名参数：



Such debugging is possible but not really productive, too much labor-taking. And having debugging without the ability to patch the PE (I used to work with the system providing patch facility, but that's far from Windows :-)) won't help you much.

But you mentioned the "because it is locked by some other application", which is pretty easy to detect and fix.

First of all, the similar question was asked here many times, and from this experience I know: in most cases the blocking process is your own process. You could have forgotten to dispose/close something in the same application. So, first of all, check it up. To explore this possibility, please see my past answer:
Clearing a Handle in C#[^].

In this answer, pay attention for the using of the using statement which helps you to guarantee that appropriate file system object is properly disposed after use, not keeping the file locked.

In some cases, you really need to investigate which process holds which file. For this, I recommend using one utility from the Sysinternals Suite. This set of utilities (formerly from Winternals company, presently at Microsoft) is a must-have for any developer, please see:
http://technet.microsoft.com/en-us/sysinternals/bb842062[^],
http://technet.microsoft.com/en-us/sysinternals/bb545027[^].

The utility you need is "handle.exe", please see:
http://technet.microsoft.com/en-us/sysinternals/bb896655[^].

In your case, you use it with file name parameter:

handle.exe <file_name>

此实用程序将扫描所有类型的句柄，而不仅仅是文件句柄。对于文件，它将扫描与文件名匹配的所有文件句柄（因此它不必是完整路径名）并返回足以识别每个进程的信息，包括其 pid 。因此，如果您需要有关相关流程的更多信息，您还可以使用其他Sysinternals实用程序，特别是其 Process Explorer ：

http://technet.microsoft.com/en-us/sysinternals/bb896653 [ ^ ]。



祝你好运，

-SA

This utility will scan all kinds of handles, not just file handles. For file, it will scan all file handles matching the file name (so it does not have to be a full path name) and return information sufficient to identify each process, including its pid. So, if you need more information on a process in question, you can also use other Sysinternals utilities, in particular, its Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653[^].

Good luck,

—SA

这篇关于调试没有源代码的Windows程序。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！