最近我安装了一个用 Delphi 构建的应用程序,当我尝试在应用程序中加载某些文件时,出现地址 00000000 处的访问冲突。我在事件查看器中找不到有关该问题的任何信息,因此我使用进程资源管理器为该进程生成一个哑文件,然后在 WinDbg 中使用该文件,输出如下:
Microsoft (R) Windows Debugger Version 10.0.25200.1003 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\xVisualizer3D.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Sat Nov 12 18:56:37.000 2022 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 0:00:32.000
................................................................
..................................
For analysis of this file, run !analyze -v
*** WARNING: Unable to verify checksum for Visualizer3D.exe
eax=00320620 ebx=0008e301 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=767939c0 esp=0018fed4 ebp=0018ff04 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
user32!NtUserWaitMessage+0x15:
767939c0 83c404 add esp,4
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!gpServerNlsUserInfo ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1343
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 289371
Key : Analysis.IO.Other.Mb
Value: 6
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 7
Key : Analysis.Init.CPU.mSec
Value: 562
Key : Analysis.Init.Elapsed.mSec
Value: 407939
Key : Analysis.Memory.CommitPeak.Mb
Value: 69
Key : Timeline.Process.Start.DeltaSec
Value: 32
Key : WER.Process.Version
Value: 3.0.0.30
FILE_IN_CAB: xVisualizer3D.dmp
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000e60
PROCESS_NAME: Visualizer3D.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE_STR: 80000003
STACK_TEXT:
0018fed4 006b0756 0018ff30 006b0773 0018ff04 user32!NtUserWaitMessage+0x15
WARNING: Stack unwind information not available. Following frames may be wrong.
0018ff04 006af968 001a036e 00000113 00000001 Visualizer3D!TMethodImplementationIntercept+0x1c3ece
0018ff58 00bbca0a 00bbcab9 0018ff78 00bbcad1 Visualizer3D!TMethodImplementationIntercept+0x1c30e0
0018ff88 7628343d 7efde000 0018ffd4 771f9832 Visualizer3D!TMethodImplementationIntercept+0x6d0182
0018ff94 771f9832 7efde000 77ecc335 00000000 kernel32!BaseThreadInitThunk+0xe
0018ffd4 771f9805 00bbc8a8 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
0018ffec 00000000 00bbc8a8 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_NAME: visualizer3d+1c3ece
MODULE_NAME: Visualizer3D
IMAGE_NAME: Visualizer3D.exe
FAILURE_BUCKET_ID: BREAKPOINT_80000003_Visualizer3D.exe!Unknown
OSPLATFORM_TYPE: x86
OSNAME: Windows 7
IMAGE_VERSION: 3.0.0.30
FAILURE_ID_HASH: {860298c4-6043-6454-52eb-067e0c079603}
Followup: MachineOwner
---------
我不知道在这之后该做什么,查看了上面的信息,找不到有关问题原因的任何有用信息,也不确定,但我认为我在调试器中也遇到了符号问题。
那么我现在该怎么做才能找到异常的原因?
注意:我没有该程序的源代码,我也尝试在另一台电脑(安装了 win 10)上安装该应用程序,并且没有任何问题。
问候
答案1
由于 Windows 机制
创建应用程序崩溃转储
通过设置注册表项
HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\SomeProcess.exe
,不适用于 OKM Visualizer 3D Studio 应用程序,您需要自行调试。
您需要运行该应用程序从调试器。您可以尝试 Windbg 或 Visual Studio 或 Visual Studio Code。
这样,调试器将始终处于控制之中。您需要确保调试器已设置为捕获访问冲突的错误代码。
这将需要一些读取执行堆栈及其参数的知识。
但是,由于您没有该应用程序的源代码,并且应用程序的支持没有回答,因此不清楚通过更好地了解问题您将获得什么。您最好尝试寻找替代产品。
我还会在运行 Windows 10 的计算机上试用该产品。如今许多产品不再支持 Windows 7,而该产品可能就是其中之一。