我如何知道哪个 DLL 启动了一个线程以及一个 DLL 为外部 DLL 拥有的地址空间是什么? [英] How can I tell what DLL started a thread and what address space a DLL owns for an external DLL?
问题描述
我有一个 Delph 6 DirectShow 应用程序,它通过套接字与 Skype 交换音频.当 DirectShow 过滤器链运行时,我在由过滤器图加载的 DLL 之一启动的线程之一中遇到间歇性访问冲突.DLL 不属于我,所以我没有源代码.
I have a Delph 6 DirectShow application that exchanges audio with Skype via sockets. I am getting an intermittent access violation in one of the threads started by one of the DLLs loaded by the Filter Graph when the DirectShow filter chain is ran. The DLL does not belong to me so I don't have the source code.
我检查了事件日志,并在运行过滤器图时看到了此相关摘录:
I have examined the Event Log and I see this relevant excerpt when the Filter Graph is ran :
Thread Start: Thread ID: $00000804. Process Test.exe ($CE4)
Module Load: QCap.dll. No Debug Info. Base Address: $757F0000. Process Test.exe ($CE4)
Thread Start: Thread ID: $00000608. Process Test.exe ($CE4)
Thread Start: Thread ID: $0000259C. Process Test.exe ($CE4)
Thread Start: Thread ID: $00002778. Process Test.exe ($CE4)
ODS: DXCHAIN, STARTING> DXCaptureFilterComponent1 succeeded Process Test.exe ($CE4)
ODS: DXCHAIN, STARTING> DXChainComp_mic2skype Process Test.exe ($CE4)
Module Load: DSOUND.dll. No Debug Info. Base Address: $73F10000. Process Test.exe ($CE4)
ODS: (TPushSourcePinBase_wavaudio.Create) Construction succeeded. Process Test.exe ($CE4)
ODS: (TPushSourcePinBase_wavaudio.Create) Construction succeeded. Process Test.exe ($CE4)
Module Load: wavdest.ax. No Debug Info. Base Address: $10000000. Process Test.exe ($CE4)
ODS: (TPushSourcePinBase_wavaudio.DecideBufferSize) Resulting buffer size for audio is: 800 Process Test.exe ($CE4)
ODS: (TPushSourcePinBase_wavaudio.DecideBufferSize) Resulting buffer size for audio is: 800 Process Test.exe ($CE4)
Thread Start: Thread ID: $000027E0. Process Test.exe ($CE4)
Thread Start: Thread ID: $00001DF0. Process Test.exe ($CE4)
Thread Start: Thread ID: $0000176C. Process Test.exe ($CE4)
Thread Start: Thread ID: $0000083C. Process Test.exe ($CE4)
注意,ODS 行是调试打印"语句到调试监视器窗口 (OutputDebugString) 的结果
Note, the ODS lines are the result of "debug print" statements to the Debug Monitor window (OutputDebugString)
在上面记录的试验中抛出 AV 的线程是 $0000176C.该线程始终是创建的第 12 个线程,调试器报告的 AV 位置始终 *$77BEFOOF*.我的问题是:
The thread that threw the AV in trial documented above was $0000176C. The thread is always the 12th thread created and the location reported by the debugger for the AV is always *$77BEFOOF*. My questions are:
1) 我如何知道哪个动态加载的 DLL 拥有故障线程?
1) How can I tell which of the dynamically loaded DLLs owns the faulting thread?
2) 有没有办法找出每个 DLL 的开始和结束内存位置,即使是那些我没有源代码的位置,以便我可以看到哪些 DLL 包含 $77BEF00F 地址位置?
2) Is there a way to find out the start and end memory locations for each DLL, even those that I don't have source code for, so I can see what DLL contains the $77BEF00F address location?
3) 有没有人遇到过混合 DirectShow 链和套接字的应用程序的问题?您可以向我提出任何警告或提示吗?我的应用程序中的 DirectShow 链混合了来自套接字的音频数据并将数据发送到套接字.
3) Has anyone ever had trouble with an application that mixed DirectShow chains and sockets? Any caveats or tips you can throw me? The DirectShow chains in my application mix in audio data coming in from sockets and send data to sockets.
更新:使用 Roman R 的 Process Explorer 提示,我已将 $77BEFOOF 的 AV 故障位置跟踪到 msacm32.dll,这是Microsoft 音频压缩管理器(在 Process Explorer Description 字段中显示为Microsoft ACM 音频过滤器".)如果有人对该 DLL 的问题有任何现场经验,请分享.
UPDATE: Using Roman R's Process Explorer tip I have tracked the AV fault location of $77BEFOOF to msacm32.dll, which is the Microsoft Audio Compression Manager (shown as "Microsoft ACM Audio Filter" in the Process Explorer Description field.) If anyone has any field experience with problems with that DLL, please share.
推荐答案
线程不属于 DLL,它们属于进程.您通常会想要哪个 DLL 启动了一个线程,因此您将检查线程调用堆栈并查看最底部的条目是什么 - 这将表明谁是线程启动器.
Threads don't belong to DLLs, they belong to processes. You will normally want which DLL started a thread, so you will chcek thread call stack and see what are the entries at the very bottom - this will suggest who is the thread starter.
DLL 被映射到某个基地址的进程中,您可以通过 PSAPI(例如 EnumProcessModules) 或 Process Explorer 可以交互地获取它(列Base、尺寸).
DLL is mapped into process at certain base address, you can query this programmatically via PSAPI (e.g. EnumProcessModules), or Process Explorer can get it to you interactively (columns Base, Size).
这篇关于我如何知道哪个 DLL 启动了一个线程以及一个 DLL 为外部 DLL 拥有的地址空间是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
