Windows下生成core dump文件:
CoreDump.h
#include <Windows.h>
#include <DbgHelp.h>
#pragma comment(lib,"DbgHelp.lib")
inline LONG ApplicationCrashHandler(EXCEPTION_POINTERS* pException) {
HANDLE hDumpFile = CreateFileW(L"Crash.dmp", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
MINIDUMP_EXCEPTION_INFORMATION dumpInfo;
dumpInfo.ExceptionPointers = pException;
dumpInfo.ThreadId = GetCurrentThreadId();
dumpInfo.ClientPointers = TRUE;
MiniDumpWriteDump(GetCurrentProcess(), GetCurrentProcessId(), hDumpFile, MiniDumpNormal, &dumpInfo, NULL, NULL);
CloseHandle(hDumpFile);
return EXCEPTION_EXECUTE_HANDLER;
}
如何嵌入项目:
#include "CoreDump.h"
int main()
{
SetUnhandledExceptionFilter(ApplicationCrashHandler);
int a = 1;
int b = 0;
int test = a / b; // Crash!
return 0;
}
Windows core dump文件如何分析:
image.png
注意将pdb文件放到符号目录下,例如我这里配置的是D盘:
image.png
然后就可以用 !analyze -v命令先让WinDbg简单分析一下:
...
FILE_IN_CAB: Crash.dmp
CONTEXT: (.ecxr)
rax=0000000000000001 rbx=0000000000000000 rcx=ffffffffffffffff
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007ff708e214e8 rsp=000000d570fffc70 rbp=0000000000000000
r8=000000d570fff908 r9=0000000000000000 r10=0000000000000000
r11=000000d570fffc60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
dump_test!main+0x28:
00007ff7`08e214e8 f77c2424 idiv eax,dword ptr [rsp+24h] ss:000000d5`70fffc94=00000000
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff708e214e8 (dump_test!main+0x0000000000000028)
ExceptionCode: c0000094 (Integer divide-by-zero)
ExceptionFlags: 00000000
NumberParameters: 0
...
例如从上面的信息我们可以看到奔溃的原因是除零导致
然后使用kb命令调用堆栈查看完整调用链路:
# RetAddr : Args to Child : Call Site
00 00007ffb`5cf76682 : 000000d5`70ffe038 00000000`00000344 000002ce`c4c31bf0 00007ffb`5cf864d1 : ntdll!ZwGetContextThread+0x14
01 00007ffb`5cf864d1 : 000000d5`70ffd2f8 00000000`0000ac80 00000000`0000ffdf 00000000`00000000 : dtframe64!EATUninstallRaw+0x124d82
02 00007ffb`5cf864fd : 00000000`00000344 00007ffb`5d3066ff 000000d5`70ffdf90 000000d5`70ffd3d0 : dtframe64!EATUninstallRaw+0x134bd1
03 00007ffb`732e3800 : 000002ce`c4c31bf0 00000000`00000000 00000000`00000000 00007ffb`00000001 : dtframe64!EATUninstallRaw+0x134bfd
04 00007ffb`5d323919 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlSetLastWin32Error+0x40
05 00007ffb`5d2dc504 : 00000000`00000001 000000d5`70ffdee0 000000d5`70ffd450 00000000`00000001 : winhadnt64!InitUPDLShareMemory+0x870d9
06 00000000`00008f18 : 000002ce`c5371e38 e8240791`10dea270 00000000`00002de8 000002ce`c5371e38 : winhadnt64!InitUPDLShareMemory+0x3fcc4
07 000002ce`c5371e38 : e8240791`10dea270 00000000`00002de8 000002ce`c5371e38 000000d5`70ffd218 : 0x8f18
08 e8240791`10dea270 : 00000000`00002de8 000002ce`c5371e38 000000d5`70ffd218 ffffffff`ffffffff : 0x000002ce`c5371e38
09 00000000`00002de8 : 000002ce`c5371e38 000000d5`70ffd218 ffffffff`ffffffff 00000000`00000331 : 0xe8240791`10dea270
0a 000002ce`c5371e38 : 000000d5`70ffd218 ffffffff`ffffffff 00000000`00000331 000000d5`70ffdf18 : 0x2de8
0b 000000d5`70ffd218 : ffffffff`ffffffff 00000000`00000331 000000d5`70ffdf18 00000000`00002de8 : 0x000002ce`c5371e38
0c ffffffff`ffffffff : 00000000`00000331 000000d5`70ffdf18 00000000`00002de8 000000d5`70ffd218 : 0x000000d5`70ffd218
0d 00000000`00000331 : 000000d5`70ffdf18 00000000`00002de8 000000d5`70ffd218 ffffffff`ffffffff : 0xffffffff`ffffffff
0e 000000d5`70ffdf18 : 00000000`00002de8 000000d5`70ffd218 ffffffff`ffffffff 000000d5`70ffdf50 : 0x331
0f 00000000`00002de8 : 000000d5`70ffd218 ffffffff`ffffffff 000000d5`70ffdf50 00007ffb`73280df2 : 0x000000d5`70ffdf18
10 000000d5`70ffd218 : ffffffff`ffffffff 000000d5`70ffdf50 00007ffb`73280df2 00007ffb`70609685 : 0x2de8
11 ffffffff`ffffffff : 000000d5`70ffdf50 00007ffb`73280df2 00007ffb`70609685 ffffffff`ffffffff : 0x000000d5`70ffd218
12 000000d5`70ffdf50 : 00007ffb`73280df2 00007ffb`70609685 ffffffff`ffffffff 000000d5`70ffd218 : 0xffffffff`ffffffff
13 00007ffb`73280df2 : 00007ffb`70609685 ffffffff`ffffffff 000000d5`70ffd218 000002ce`c5371e38 : 0x000000d5`70ffdf50
14 00007ffb`70609685 : ffffffff`ffffffff 000000d5`70ffd218 000002ce`c5371e38 00000000`00002de8 : 0x00007ffb`73280df2
15 00007ffb`6c6caa8a : 00000000`00000000 00000000`00000000 00000000`00000000 00007ffb`6c6c1bd8 : KERNELBASE!ReadProcessMemory+0x15
16 00007ffb`6c6c1d9b : 000000d5`70ffe8f0 000000d5`70ffe8f0 00000000`00002de8 000000d5`70ffd218 : dbgcore!MiniDumpReadDumpStream+0x335a
17 00007ffb`6c6c2a4e : 000000d5`70ffe280 00007ffb`6c6ce44f 000000d5`70ffe810 00000000`00000004 : dbgcore+0x1d9b
18 00007ffb`6c6c57c6 : 000000d5`70ffe810 000000d5`70ffe8f0 000000d5`70ffe1a8 000002ce`c5370080 : dbgcore+0x2a4e
19 00007ffb`6c6c6c05 : 00000000`00000000 000002ce`c5370080 00000000`00200000 00000000`00000000 : dbgcore+0x57c6
1a 00007ffb`6c6c75e1 : 00000000`00000000 00000000`00000000 000002ce`c5470860 000002ce`c5470888 : dbgcore+0x6c05
1b 00007ff7`08e215cd : 000000d5`70ffebf0 00007ffb`7330760c 00000000`0000021a 00000000`00000000 : dbgcore!MiniDumpWriteDump+0x321
1c 00007ffb`70710b0c : 000000d5`70ffed80 00000000`00000001 00000000`00000000 00007ffa`ce602e59 : dump_test!ApplicationCrashHandler+0xbd [D:\Workspace\c++\windows_dump\CrashCaputure.h @ 13]
1d 00007ffb`7333987d : 00000000`0005af49 00007ffb`733f2bc8 00000000`00000000 00007ffb`732b0f5a : KERNELBASE!UnhandledExceptionFilter+0x1ec
1e 00007ffb`7331f6a7 : 000000d5`70ffee50 00000000`00000000 000000d5`70ffee08 000000d5`70fff3f0 : ntdll!RtlCopyMemory+0x2bbd
1f 00007ffb`733351df : 00000000`00000000 000000d5`70fff350 000000d5`70fffa30 000000d5`70fffa30 : ntdll!_C_specific_handler+0x97
20 00007ffb`732ae866 : 000000d5`70fffa30 00007ffb`73290000 00007ffb`732eaf28 00007ffb`7341ebf8 : ntdll!_chkstk+0x12f
21 00007ffb`733341ce : 00007ffa`ce723cd8 00000000`00000001 00000000`00000000 000000d5`70fff570 : ntdll!RtlFindCharInUnicodeString+0xa96
22 00007ff7`08e214e8 : 00000000`00000000 00000000`00000000 00007ff7`00000000 00007ff7`08e21a65 : ntdll!KiUserExceptionDispatcher+0x2e
23 00007ff7`08e21d19 : 0000d8e2`00000001 00007ffa`ce6222a3 00000000`00000000 00007ff7`08e22e9d : dump_test!main+0x28 [D:\Workspace\c++\windows_dump\main.cpp @ 9]
24 00007ff7`08e21bbe : 00007ff7`08e29000 00007ff7`08e29220 00000000`00000000 00000000`00000000 : dump_test!invoke_main+0x39 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 79]
25 00007ff7`08e21a7e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dump_test!__scrt_common_main_seh+0x12e [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288]
26 00007ff7`08e21dae : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dump_test!__scrt_common_main+0xe [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 331]
27 00007ffb`72d8257d : 000000d5`710c9000 00000000`00000000 00000000`00000000 00000000`00000000 : dump_test!mainCRTStartup+0xe [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp @ 17]
28 00007ffb`732eaf28 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x1d
29 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28
从底部信息可见显然可以看到崩溃在:
dump_test!main+0x28 [D:\Workspace\c++\windows_dump\main.cpp @ 9]
image.png
网友评论