How can I change a module's checksum in a minidump?


Problem description



The software that I write (and sell) is compressed and encrypted before I distribute it. Every time I release a new build, I keep all the .map files and the generated binaries including the exe before it is compressed and encrypted.

When it crashes on a client's machine I get a minidump back. I open these minidumps in Visual Studio and explore them there.

I have made good use of these minidumps by searching for addresses in the .map files. This will typically get me in the correct area of the code and I can generally reason about why the crash occurred and fix it but this is VERY time consuming.

It would be helpful if I could use the symbols that I saved from the original build in the debugging of the minidump.

My problem is that I get warnings about being unable to find the right symbols. My research leads me to believe that this is because the checksum of the exe on the client's machine does not match the checksum of the exe that Visual Studio built. And I understand why, it has been compressed and encrypted. Of course the checksums don't match.

I figure I can manually edit the minidump or change the checksum of the saved binaries to match the checksum of the distributable. I would prefer to manipulate the stored copies so I don't have to modify every dump that comes in, but I'd be ecstatic with either.

So, my question is: How can I locate these checksums and figure out what I should replace them with? As an auxiliary question: Is there a better way?

Solution

Without knowing how exactly you are compressing and encrypting your binaries, it's hard for me to be very specific.

This blog post by John Robbins points out that executable images are associated with their PDBs via a GUID that's embedded in the executable's PE header. You should be able to view it by running DUMPBIN /HEADERS on the executable, and looking for the output of Debug Directories. If your compression and encryption has modified the PE headers such that this information isn't available (or correct), then it would explain why your debugger can't find anything.

There are a few approaches that I think that you could take to resolve this issue. To really try to get this to work, you might want to consider using WinDbg instead of the Visual Studio debugger. You'll understand why I am recommending this in a moment...

WinDbg provides some options that allow the relaxed loading of symbol files. The idea with this option is that, if the source code hasn't changed but the binaries are from a different build than the PDB, the GUID check can be waived and the mismatched symbol file can be loaded. I don't know how well this will work with your compression and encryption, so YMMV.

WinDbg and its accompanying tools can be used to dump the GUID from both the executable and the PDB, but I'm omitting that for now because I am hoping that those steps won't be necessary.

After you have opened your minidump in WinDbg, you will need to enter several commands into the command line to get this all to work:

.symopt +0x40
!sym noisy
ld <exe name>

The first command enables the SYMOPT_LOAD_ANYTHING option that skips the GUID check. The !sym command enables verbose output for symbol loading so that you may see more detailed error messages. The ld command directs WinDbg to try to load the symbols for the executable name that you will type in the place of <exe name>. If you repeat the ld command, WinDbg will indicate if it successfully loaded the symbols the first time.

Hopefully this helps -- again, I don't know how well this will work with your compression and encryption, but it's worth trying.
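As an added example (not code from the question or the answer above), the following Python locates the CheckSum field in the PE optional header that the question refers to, recomputes it with the same dword-sum-and-fold algorithm that CheckSumMappedFile uses, and writes a chosen value back. The 512-byte image it builds is constructed for the demonstration and is not a real executable.

```python
import struct


def _checksum_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (same position for PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # 4-byte signature + 20-byte COFF header; CheckSum sits at +64 in the optional header
    return e_lfanew + 4 + 20 + 64


def read_checksum(data: bytes) -> int:
    """The CheckSum value currently stored in the header."""
    return struct.unpack_from("<I", data, _checksum_offset(data))[0]


def compute_checksum(data: bytes) -> int:
    """Recompute the PE checksum: sum every dword except the CheckSum field itself
    with 32-bit carry folding, fold to 16 bits, then add the file length."""
    skip = _checksum_offset(data) // 4
    padded = data + b"\0" * (-len(data) % 4)  # pad to a dword boundary
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def patch_checksum(data: bytes, value=None) -> bytes:
    """Return a copy with CheckSum set to `value` (default: the recomputed value)."""
    buf = bytearray(data)
    new_value = compute_checksum(data) if value is None else value
    struct.pack_into("<I", buf, _checksum_offset(data), new_value)
    return bytes(buf)


def build_sample_pe() -> bytes:
    """Constructed minimal image with valid MZ/PE signatures; not a real binary."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)     # e_lfanew -> PE signature at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x58, 0x10B)    # optional header magic (PE32)
    return bytes(buf)
```

The minidump's module list records this CheckSum together with TimeDateStamp and SizeOfImage, which is what the debugger compares against the image it finds; matching the image to its PDB is a separate check on the GUID and age in the debug directory that the answer describes.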
