Bug 4289: Debugging and disassembly

James Trotter james.trotter at gmail.com
Sat Jan 14 08:44:49 CST 2006


On 1/14/06, James Trotter <james.trotter at gmail.com> wrote:
>
> ---------- Forwarded message ----------
> From: James Trotter <james.trotter at gmail.com>
> Date: Jan 14, 2006 3:22 PM
> Subject: Re: Bug 4289: Debugging and disassembly
> To: Eric Pouech <eric.pouech at wanadoo.fr>
>
> On 1/14/06, Eric Pouech <eric.pouech at wanadoo.fr> wrote:
> >
> > James Trotter wrote:
> > > Hi!
> > >
> > > A few days ago I filed this bug: http://bugs.winehq.org/show_bug.cgi?id=4289
> >
> > >
> > > Alexandre commented that there most likely was some stack corruption,
> > > and that I should try and disassemble a few instructions before the
> > > crash and look for API calls.
> > >
> > > Now, I haven't used gdb or winedbg that much before, and I'm a bit
> > > uncertain what to do. I understand that using the disassemble
> > > [<addr>][,<addr>] command, the debugger will disassemble that address
> > > space. Given the stack trace as in the bug report, which addresses,
> > > exactly, should I disassemble?
> > before 0x007ab8f1
> > A+
> >
> >
> > --
> > Eric Pouech
> >
> >
> Sure, but how much before 0x007ab8f1?
>
> For instance, is this helpful?
>
> WineDbg starting on pid 0xa
> In 32 bit mode.
> 0x7fcfba16 start_process+0xb6
> [/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/kernel/process.c:996]
> in kernel32: pushl    %edi
> 996             ExitProcess( entry( peb ) );
> Wine-dbg>cont
> First chance exception: page fault on read access to 0x20202020 in 32-bit code (0x007ab8f1).
> Register dump:
>  CS:0073 SS:007b DS:007b ES:007b FS:1007 GS:0033
>  EIP:007ab8f1 ESP:7facaba4 EBP:00000000 EFLAGS:00210246(   - 00 -RIZP1)
>  EAX:20202020 EBX:00000001 ECX:7facb450 EDX:00000000
>  ESI:7facb328 EDI:7beb4460
> Stack dump:
> 0x7facaba4:  20202020 00002711 00000000 7facb328
> 0x7facabb4:  7facabe0 007aaf30 7facb218 7facaf60
> 0x7facabc4:  00000000 00002711 40c38800 7facb328
> 0x7facabd4:  7facac90 0084566a 00000007 7fd0e900
> 0x7facabe4:  0078e3ca 00000000 7facaf60 00400000
> 0x7facabf4:  7fd39206 7facaf60 00000000 7fd39206
> 0200: sel=1007 base=b7f81000 limit=00001f97 32-bit rw-
> Backtrace:
> =>1 0x007ab8f1 in iwd2 (+0x3ab8f1) (0x00000000)
> 0x007ab8f1: movl        0x0(%eax),%ecx
> Wine-dbg>disassemble 0x007ab800, 0x007ab8f1
> 0x007ab800: addb        %bh,0x0(%ebx)
> 0x007ab802: int $0x74
> 0x007ab804: pop %ss
> 0x007ab805: cmpl        %ebx,0x390(%ecx)
> 0x007ab80b: jz  0x007ab81c
> 0x007ab80d: addl        $0x394,%ecx
> 0x007ab813: pushl       %ecx
> 0x007ab814: call        *%edi
> 0x007ab816: movl        0x008cf6d8,%ecx
> 0x007ab81c: movl        0x13c(%esi),%eax
> 0x007ab822: cmpl        %ebp,%eax
> 0x007ab824: jz  0x007ab838
> 0x007ab826: movl        0x0(%eax),%ecx
> 0x007ab828: pushl       %eax
> 0x007ab829: call        *0x8(%ecx)
> 0x007ab82c: movl        %ebp,0x13c(%esi)
> 0x007ab832: movl        0x008cf6d8,%ecx
> 0x007ab838: cmpl        %ebp,%ecx
> 0x007ab83a: jz  0x007ab84d
> 0x007ab83c: cmpl        %ebx,0x390(%ecx)
> 0x007ab842: jz  0x007ab84d
> 0x007ab844: addl        $0x394,%ecx
> 0x007ab84a: pushl       %ecx
> 0x007ab84b: call        *%edi
> 0x007ab84d: leal        0x128(%esi),%ecx
> 0x007ab853: call        0x007c22d0
> 0x007ab858: movl        %ebp,0x140(%esi)
> 0x007ab85e: movl        0x008cf6d8,%eax
> 0x007ab863: cmpl        %ebp,%eax
> 0x007ab865: jz  0x007ab87b
> 0x007ab867: cmpl        %ebx,0x390(%eax)
> 0x007ab86d: jz  0x007ab87b
> 0x007ab86f: addl        $916,%eax
> 0x007ab874: pushl       %eax
> 0x007ab875: call        *0x8472c8 -> 0x7beb4180 RtlLeaveCriticalSection
> [/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/ntdll/critsection.c:407]
> in ntdll
> 0x007ab87b: cmpl        %ebp,0x90(%esi)
> 0x007ab881: jz  0x007ab8a4
> 0x007ab883: leal        0x84(%esi),%edi
> 0x007ab889: movl        %edi,%ecx
> 0x007ab88b: call        0x007fbe77
> 0x007ab890: cmpl        %ebp,%eax
> 0x007ab892: jz  0x007ab89c
> 0x007ab894: movl        0x0(%eax),%edx
> 0x007ab896: pushl       %ebx
> 0x007ab897: movl        %eax,%ecx
> 0x007ab899: call        *0x4(%edx)
> 0x007ab89c: cmpl        %ebp,0x90(%esi)
> 0x007ab8a2: jnz 0x007ab889
> 0x007ab8a4: cmpl        %ebp,0xac(%esi)
> 0x007ab8aa: jz  0x007ab8d8
> 0x007ab8ac: leal        0xa0(%esi),%ebx
> 0x007ab8b2: movl        %ebx,%ecx
> 0x007ab8b4: call        0x007fbe77
> 0x007ab8b9: movl        %eax,%edi
> 0x007ab8bb: movl        0x58(%edi),%eax
> 0x007ab8be: cmpl        %ebp,%eax
> 0x007ab8c0: jz  0x007ab8cb
> 0x007ab8c2: movl        0x0(%eax),%ecx
> 0x007ab8c4: pushl       %eax
> 0x007ab8c5: call        *0x8(%ecx)
> 0x007ab8c8: movl        %ebp,0x58(%edi)
> 0x007ab8cb: cmpl        %ebp,0xac(%esi)
> 0x007ab8d1: jnz 0x007ab8b2
> 0x007ab8d3: movl        $0x1,%ebx
> 0x007ab8d8: cmpl        %ebp,0x4(%esi)
> 0x007ab8db: jz  0x007ab8f9
> 0x007ab8dd: movl        0x8(%esi),%eax
> 0x007ab8e0: cmpl        %ebp,%eax
> 0x007ab8e2: jz  0x007ab8ed
> 0x007ab8e4: movl        0x0(%eax),%edx
> 0x007ab8e6: pushl       %eax
> 0x007ab8e7: call        *0x8(%edx)
> 0x007ab8ea: movl        %ebp,0x8(%esi)
> 0x007ab8ed: movl        0x4(%esi),%eax
> 0x007ab8f0: pushl       %eax
> 0x007ab8f1: movl        0x0(%eax),%ecx
> Wine-dbg>
>
> Thanks,
> James
>

Alright, here is a disassembly of 0x007a0000 to 0x007ab8f1. There are a lot
of calls to RtlEnterCriticalSection and RtlLeaveCriticalSection, but also
some other calls, e.g. SendMessageA, SetRect, SleepEx, lstrcpyA and some
more.

Is this helpful at all? Is there anything specific I should look for?

Thanks,
James
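One way to work the "what should I look for" question from the register dump: a small triage script, added here as an example (not from the thread or from Wine), that parses the winedbg register and stack dump quoted above and flags dwords made entirely of printable ASCII. EAX holding 0x20202020 (four spaces) at the faulting movl is the kind of value that suggests string data overwrote a pointer on the stack; the sample dump below is constructed from the excerpt in the message.

```python
import re
import struct

# Constructed sample: the register and stack dump quoted in the thread above.
WINEDBG_DUMP = """\
First chance exception: page fault on read access to 0x20202020 in 32-bit code (0x007ab8f1).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:1007 GS:0033
 EIP:007ab8f1 ESP:7facaba4 EBP:00000000 EFLAGS:00210246(   - 00 -RIZP1)
 EAX:20202020 EBX:00000001 ECX:7facb450 EDX:00000000
 ESI:7facb328 EDI:7beb4460
Stack dump:
0x7facaba4:  20202020 00002711 00000000 7facb328
0x7facabb4:  7facabe0 007aaf30 7facb218 7facaf60
0x7facabc4:  00000000 00002711 40c38800 7facb328
"""

REG_RE = re.compile(r"\b(E[A-Z]{2}):([0-9a-fA-F]{8})\b")          # EAX..EDI, EIP, ESP, EBP
STACK_RE = re.compile(r"^0x([0-9a-fA-F]{8}):\s+((?:[0-9a-fA-F]{8}\s*)+)$", re.M)
FAULT_RE = re.compile(r"on (read|write) access to 0x([0-9a-fA-F]{8})")

def parse_registers(dump):
    """Return {name: value} for the 32-bit registers in a winedbg register dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}

def parse_stack(dump):
    """Return [(address, dword)] for every word in the 'Stack dump:' section."""
    slots = []
    for base, words in STACK_RE.findall(dump):
        for i, w in enumerate(words.split()):
            slots.append((int(base, 16) + 4 * i, int(w, 16)))
    return slots

def looks_like_text(word):
    """True when all four bytes of a little-endian dword are printable ASCII."""
    return all(0x20 <= b <= 0x7E for b in struct.pack("<I", word))

def triage(dump):
    """Match the faulting address to a register and list text-looking values."""
    regs = parse_registers(dump)
    fault = FAULT_RE.search(dump)
    fault_addr = int(fault.group(2), 16) if fault else None
    as_text = lambda v: struct.pack("<I", v).decode("ascii")
    return {
        "fault_addr": fault_addr,
        "fault_regs": sorted(n for n, v in regs.items() if v == fault_addr),
        "text_regs": {n: as_text(v) for n, v in regs.items() if looks_like_text(v)},
        "text_stack": [(a, as_text(w)) for a, w in parse_stack(dump) if looks_like_text(w)],
    }

if __name__ == "__main__":
    for key, value in triage(WINEDBG_DUMP).items():
        print(key, value)
```

A register that equals the faulting address and decodes as text points at the pointer that was clobbered; the disassembly before EIP then shows which object field (here 0x4(%esi)) that pointer was loaded from.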