Bug 4289: Debugging and dissasembly
James Trotter
james.trotter at gmail.com
Sat Jan 14 08:44:49 CST 2006
On 1/14/06, James Trotter <james.trotter at gmail.com> wrote:
>
> ---------- Forwarded message ----------
> From: James Trotter <james.trotter at gmail.com>
> Date: Jan 14, 2006 3:22 PM
> Subject: Re: Bug 4289: Debugging and dissasembly
> To: Eric Pouech <eric.pouech at wanadoo.fr>
>
> On 1/14/06, Eric Pouech <eric.pouech at wanadoo.fr> wrote:
> >
> > James Trotter wrote:
> > > Hi!
> > >
> > > A few days ago I filed this bug: http://bugs.winehq.org/show_bug.cgi?id=4289
> >
> > >
> > > Alexandre commented that there most likely was some stack corruption,
> > > and that I should try and disassemble a few instructions before the
> > > crash and look for API calls.
> > >
> > > Now, I haven't used gdb or winedbg that much before, and I'm a bit
> > > uncertain what to do. I understand that using the disassemble
> > > [<addr>][,<addr>] command, the debugger will disassemble that address
> > > space. Given the stack trace as in the bug report, which addresses,
> > > exactly, should I disassemble?
> > before 0x007ab8f1
> > A+
> >
> >
> > --
> > Eric Pouech
> >
> >
> Sure, but how much before 0x007ab8f1?
>
> For instance, Is this helpful?
>
> WineDbg starting on pid 0xa
> In 32 bit mode.
> 0x7fcfba16 start_process+0xb6
> [/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/kernel/process.c:996]
> in kernel32: pushl %edi
> 996 ExitProcess( entry( peb ) );
> Wine-dbg>cont
> First chance exception: page fault on read access to 0x20202020 in 32-bit
> code (0x007ab8f1).
> Register dump:
> CS:0073 SS:007b DS:007b ES:007b FS:1007 GS:0033
> EIP:007ab8f1 ESP:7facaba4 EBP:00000000 EFLAGS:00210246( - 00
> -RIZP1)
> EAX:20202020 EBX:00000001 ECX:7facb450 EDX:00000000
> ESI:7facb328 EDI:7beb4460
> Stack dump:
> 0x7facaba4: 20202020 00002711 00000000 7facb328
> 0x7facabb4: 7facabe0 007aaf30 7facb218 7facaf60
> 0x7facabc4: 00000000 00002711 40c38800 7facb328
> 0x7facabd4: 7facac90 0084566a 00000007 7fd0e900
> 0x7facabe4: 0078e3ca 00000000 7facaf60 00400000
> 0x7facabf4: 7fd39206 7facaf60 00000000 7fd39206
> 0200: sel=1007 base=b7f81000 limit=00001f97 32-bit rw-
> Backtrace:
> =>1 0x007ab8f1 in iwd2 (+0x3ab8f1) (0x00000000)
> 0x007ab8f1: movl 0x0(%eax),%ecx
> Wine-dbg>disassemble 0x007ab800, 0x007ab8f1
> 0x007ab800: addb %bh,0x0(%ebx)
> 0x007ab802: int $0x74
> 0x007ab804: pop %ss
> 0x007ab805: cmpl %ebx,0x390(%ecx)
> 0x007ab80b: jz 0x007ab81c
> 0x007ab80d: addl $0x394,%ecx
> 0x007ab813: pushl %ecx
> 0x007ab814: call *%edi
> 0x007ab816: movl 0x008cf6d8,%ecx
> 0x007ab81c: movl 0x13c(%esi),%eax
> 0x007ab822: cmpl %ebp,%eax
> 0x007ab824: jz 0x007ab838
> 0x007ab826: movl 0x0(%eax),%ecx
> 0x007ab828: pushl %eax
> 0x007ab829: call *0x8(%ecx)
> 0x007ab82c: movl %ebp,0x13c(%esi)
> 0x007ab832: movl 0x008cf6d8,%ecx
> 0x007ab838: cmpl %ebp,%ecx
> 0x007ab83a: jz 0x007ab84d
> 0x007ab83c: cmpl %ebx,0x390(%ecx)
> 0x007ab842: jz 0x007ab84d
> 0x007ab844: addl $0x394,%ecx
> 0x007ab84a: pushl %ecx
> 0x007ab84b: call *%edi
> 0x007ab84d: leal 0x128(%esi),%ecx
> 0x007ab853: call 0x007c22d0
> 0x007ab858: movl %ebp,0x140(%esi)
> 0x007ab85e: movl 0x008cf6d8,%eax
> 0x007ab863: cmpl %ebp,%eax
> 0x007ab865: jz 0x007ab87b
> 0x007ab867: cmpl %ebx,0x390(%eax)
> 0x007ab86d: jz 0x007ab87b
> 0x007ab86f: addl $916,%eax
> 0x007ab874: pushl %eax
> 0x007ab875: call *0x8472c8 -> 0x7beb4180 RtlLeaveCriticalSection
> [/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/ntdll/critsection.c:407]
> in ntdll
> 0x007ab87b: cmpl %ebp,0x90(%esi)
> 0x007ab881: jz 0x007ab8a4
> 0x007ab883: leal 0x84(%esi),%edi
> 0x007ab889: movl %edi,%ecx
> 0x007ab88b: call 0x007fbe77
> 0x007ab890: cmpl %ebp,%eax
> 0x007ab892: jz 0x007ab89c
> 0x007ab894: movl 0x0(%eax),%edx
> 0x007ab896: pushl %ebx
> 0x007ab897: movl %eax,%ecx
> 0x007ab899: call *0x4(%edx)
> 0x007ab89c: cmpl %ebp,0x90(%esi)
> 0x007ab8a2: jnz 0x007ab889
> 0x007ab8a4: cmpl %ebp,0xac(%esi)
> 0x007ab8aa: jz 0x007ab8d8
> 0x007ab8ac: leal 0xa0(%esi),%ebx
> 0x007ab8b2: movl %ebx,%ecx
> 0x007ab8b4: call 0x007fbe77
> 0x007ab8b9: movl %eax,%edi
> 0x007ab8bb: movl 0x58(%edi),%eax
> 0x007ab8be: cmpl %ebp,%eax
> 0x007ab8c0: jz 0x007ab8cb
> 0x007ab8c2: movl 0x0(%eax),%ecx
> 0x007ab8c4: pushl %eax
> 0x007ab8c5: call *0x8(%ecx)
> 0x007ab8c8: movl %ebp,0x58(%edi)
> 0x007ab8cb: cmpl %ebp,0xac(%esi)
> 0x007ab8d1: jnz 0x007ab8b2
> 0x007ab8d3: movl $0x1,%ebx
> 0x007ab8d8: cmpl %ebp,0x4(%esi)
> 0x007ab8db: jz 0x007ab8f9
> 0x007ab8dd: movl 0x8(%esi),%eax
> 0x007ab8e0: cmpl %ebp,%eax
> 0x007ab8e2: jz 0x007ab8ed
> 0x007ab8e4: movl 0x0(%eax),%edx
> 0x007ab8e6: pushl %eax
> 0x007ab8e7: call *0x8(%edx)
> 0x007ab8ea: movl %ebp,0x8(%esi)
> 0x007ab8ed: movl 0x4(%esi),%eax
> 0x007ab8f0: pushl %eax
> 0x007ab8f1: movl 0x0(%eax),%ecx
> Wine-dbg>
>
> Thanks,
> James
>
Alright, here is a disassembly of 0x007a0000 to 0x007ab8f1. There are a lot
of calls to RtlEnterCriticalSection and RtlLeaveCriticalSection, but also
some other calls, e.g. SendMessageA, SetRect, SleepEx, lstrcpyA and some
more.
Is this helpful at all? Is there anything specific I should look for?
Thanks,
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winehq.org/pipermail/wine-devel/attachments/20060114/c187f300/attachment.htm
More information about the wine-devel
mailing list