On 1/14/06, <b class="gmail_sendername">James Trotter</b> <<a href="mailto:james.trotter@gmail.com">james.trotter@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><span class="e" id="q_108c9527474b0c1e_0">---------- Forwarded message ----------<br><span class="gmail_quote">From: <b class="gmail_sendername">James Trotter</b> <<a href="mailto:james.trotter@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
james.trotter@gmail.com</a>><br>Date: Jan 14, 2006 3:22 PM
<br>Subject: Re: Bug 4289: Debugging and disassembly<br>To: Eric Pouech <<a href="mailto:eric.pouech@wanadoo.fr" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">eric.pouech@wanadoo.fr</a>><br>
<br></span><div><span>On 1/14/06, <b class="gmail_sendername">
Eric Pouech</b> <<a href="mailto:eric.pouech@wanadoo.fr" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">eric.pouech@wanadoo.fr</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
James Trotter wrote:<br>> Hi!<br>><br>> A few days ago I filed this bug: <a href="http://bugs.winehq.org/show_bug.cgi?id=4289" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://bugs.winehq.org/show_bug.cgi?id=4289
</a><br>><br>> Alexandre commented that there most likely was some stack corruption,
<br>> and that I should try and disassemble a few instructions before the<br>> crash and look for API calls.<br>><br>> Now, I haven't used gdb or winedbg that much before, and I'm a bit<br>> uncertain what to do. I understand that using the disassemble
<br>> [<addr>][,<addr>] command, the debugger will disassemble that address<br>> space. Given the stack trace as in the bug report, which addresses,<br>> exactly, should I disassemble?<br>before 0x007ab8f1
<br>A+<br><br><br>--<br>Eric Pouech<br><br></blockquote></div><br></span></div>
Sure, but how much before 0x007ab8f1?<br>
<br>
For instance, is this helpful?<br>
<br>
WineDbg starting on pid 0xa<br>
In 32 bit mode.<br>
0x7fcfba16 start_process+0xb6
[/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/kernel/process.c:996]
in kernel32: pushl %edi<br>
996 ExitProcess( entry( peb ) );<br>
Wine-dbg>cont<br>
First chance exception: page fault on read access to 0x20202020 in 32-bit code (0x007ab8f1).<br>
Register dump:<br>
CS:0073 SS:007b DS:007b ES:007b FS:1007 GS:0033<br>
EIP:007ab8f1 ESP:7facaba4 EBP:00000000 EFLAGS:00210246( - 00 -RIZP1)<br>
EAX:20202020 EBX:00000001 ECX:7facb450 EDX:00000000<br>
ESI:7facb328 EDI:7beb4460<br>
Stack dump:<br>
0x7facaba4: 20202020 00002711 00000000 7facb328<br>
0x7facabb4: 7facabe0 007aaf30 7facb218 7facaf60<br>
0x7facabc4: 00000000 00002711 40c38800 7facb328<br>
0x7facabd4: 7facac90 0084566a 00000007 7fd0e900<br>
0x7facabe4: 0078e3ca 00000000 7facaf60 00400000<br>
0x7facabf4: 7fd39206 7facaf60 00000000 7fd39206<br>
0200: sel=1007 base=b7f81000 limit=00001f97 32-bit rw-<br>
Backtrace:<br>
=>1 0x007ab8f1 in iwd2 (+0x3ab8f1) (0x00000000)<br>
0x007ab8f1: movl 0x0(%eax),%ecx<br>
Wine-dbg>disassemble 0x007ab800, 0x007ab8f1<br>
0x007ab800: addb %bh,0x0(%ebx)<br>
0x007ab802: int $0x74<br>
0x007ab804: pop %ss<br>
0x007ab805: cmpl %ebx,0x390(%ecx)<br>
0x007ab80b: jz 0x007ab81c<br>
0x007ab80d: addl $0x394,%ecx<br>
0x007ab813: pushl %ecx<br>
0x007ab814: call *%edi<br>
0x007ab816: movl 0x008cf6d8,%ecx<br>
0x007ab81c: movl 0x13c(%esi),%eax<br>
0x007ab822: cmpl %ebp,%eax<br>
0x007ab824: jz 0x007ab838<br>
0x007ab826: movl 0x0(%eax),%ecx<br>
0x007ab828: pushl %eax<br>
0x007ab829: call *0x8(%ecx)<br>
0x007ab82c: movl %ebp,0x13c(%esi)<br>
0x007ab832: movl 0x008cf6d8,%ecx<br>
0x007ab838: cmpl %ebp,%ecx<br>
0x007ab83a: jz 0x007ab84d<br>
0x007ab83c: cmpl %ebx,0x390(%ecx)<br>
0x007ab842: jz 0x007ab84d<br>
0x007ab844: addl $0x394,%ecx<br>
0x007ab84a: pushl %ecx<br>
0x007ab84b: call *%edi<br>
0x007ab84d: leal 0x128(%esi),%ecx<br>
0x007ab853: call 0x007c22d0<br>
0x007ab858: movl %ebp,0x140(%esi)<br>
0x007ab85e: movl 0x008cf6d8,%eax<br>
0x007ab863: cmpl %ebp,%eax<br>
0x007ab865: jz 0x007ab87b<br>
0x007ab867: cmpl %ebx,0x390(%eax)<br>
0x007ab86d: jz 0x007ab87b<br>
0x007ab86f: addl $916,%eax<br>
0x007ab874: pushl %eax<br>
0x007ab875: call *0x8472c8
-> 0x7beb4180 RtlLeaveCriticalSection
[/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/ntdll/critsection.c:407]
in ntdll<br>
0x007ab87b: cmpl %ebp,0x90(%esi)<br>
0x007ab881: jz 0x007ab8a4<br>
0x007ab883: leal 0x84(%esi),%edi<br>
0x007ab889: movl %edi,%ecx<br>
0x007ab88b: call 0x007fbe77<br>
0x007ab890: cmpl %ebp,%eax<br>
0x007ab892: jz 0x007ab89c<br>
0x007ab894: movl 0x0(%eax),%edx<br>
0x007ab896: pushl %ebx<br>
0x007ab897: movl %eax,%ecx<br>
0x007ab899: call *0x4(%edx)<br>
0x007ab89c: cmpl %ebp,0x90(%esi)<br>
0x007ab8a2: jnz 0x007ab889<br>
0x007ab8a4: cmpl %ebp,0xac(%esi)<br>
0x007ab8aa: jz 0x007ab8d8<br>
0x007ab8ac: leal 0xa0(%esi),%ebx<br>
0x007ab8b2: movl %ebx,%ecx<br>
0x007ab8b4: call 0x007fbe77<br>
0x007ab8b9: movl %eax,%edi<br>
0x007ab8bb: movl 0x58(%edi),%eax<br>
0x007ab8be: cmpl %ebp,%eax<br>
0x007ab8c0: jz 0x007ab8cb<br>
0x007ab8c2: movl 0x0(%eax),%ecx<br>
0x007ab8c4: pushl %eax<br>
0x007ab8c5: call *0x8(%ecx)<br>
0x007ab8c8: movl %ebp,0x58(%edi)<br>
0x007ab8cb: cmpl %ebp,0xac(%esi)<br>
0x007ab8d1: jnz 0x007ab8b2<br>
0x007ab8d3: movl $0x1,%ebx<br>
0x007ab8d8: cmpl %ebp,0x4(%esi)<br>
0x007ab8db: jz 0x007ab8f9<br>
0x007ab8dd: movl 0x8(%esi),%eax<br>
0x007ab8e0: cmpl %ebp,%eax<br>
0x007ab8e2: jz 0x007ab8ed<br>
0x007ab8e4: movl 0x0(%eax),%edx<br>
0x007ab8e6: pushl %eax<br>
0x007ab8e7: call *0x8(%edx)<br>
0x007ab8ea: movl %ebp,0x8(%esi)<br>
0x007ab8ed: movl 0x4(%esi),%eax<br>
0x007ab8f0: pushl %eax<br>
0x007ab8f1: movl 0x0(%eax),%ecx<br>
Wine-dbg><br>
<br>
Thanks,<br><span>
James<br>
</span>
</span></div></blockquote></div><br>
Alright, here is a disassembly of 0x007a0000 to 0x007ab8f1. There are a
lot of calls to RtlEnterCriticalSection and RtlLeaveCriticalSection,
but also some other calls, e.g. SendMessageA, SetRect, SleepEx,
lstrcpyA and some more.<br>
<br>
Is this helpful at all? Is there anything specific I should look for?<br>
<br>
Thanks,<br>
James<br>
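The questions the thread circles around (is the faulting address a pointer or stray data, and which API calls sit just before the crash) are the kind of thing worth scripting once winedbg output gets long. The following Python is an added example written for this page; it is not part of Wine, winedbg or James's message. It parses the text winedbg prints in the session quoted above (exception line, register dump, stack dump, disassembly), decodes register and stack values as the ASCII bytes they occupy in memory, flags those that read as text, and lists every direct and indirect `call` below the faulting EIP together with the symbol winedbg annotated on the `->` line. The sample input is constructed by copying a few lines of the quoted session; the function names and the report layout are this example's own.

```python
"""Triage helpers for a winedbg crash dump.

Added example for this thread; not part of Wine, winedbg or the original
message. Parses the text winedbg prints and reports (a) whether the faulting
address and any register or stack word look like ASCII data rather than a
pointer, and (b) which calls precede the faulting instruction.
"""
import re
import struct

# Sample input: constructed by copying lines from the winedbg session quoted
# in the thread (addresses and the ntdll path are the ones shown there).
EXCEPTION_LINE = ("First chance exception: page fault on read access to "
                  "0x20202020 in 32-bit code (0x007ab8f1).")

REGISTER_DUMP = """\
EIP:007ab8f1 ESP:7facaba4 EBP:00000000 EFLAGS:00210246( - 00 -RIZP1)
EAX:20202020 EBX:00000001 ECX:7facb450 EDX:00000000
ESI:7facb328 EDI:7beb4460
"""

STACK_DUMP = """\
0x7facaba4: 20202020 00002711 00000000 7facb328
0x7facabb4: 7facabe0 007aaf30 7facb218 7facaf60
"""

DISASSEMBLY = """\
0x007ab875: call *0x8472c8
-> 0x7beb4180 RtlLeaveCriticalSection
[/home/james/development/wine/regression_testing/2005-07-18/wine/dlls/ntdll/critsection.c:407]
in ntdll
0x007ab87b: cmpl %ebp,0x90(%esi)
0x007ab88b: call 0x007fbe77
0x007ab899: call *0x4(%edx)
0x007ab8ed: movl 0x4(%esi),%eax
0x007ab8f0: pushl %eax
0x007ab8f1: movl 0x0(%eax),%ecx
"""

EXC_RE = re.compile(r"page fault on (read|write) access to (0x[0-9a-f]+) "
                    r"in 32-bit code \((0x[0-9a-f]+)\)", re.I)
REG_RE = re.compile(r"\b(E[A-D]X|E[SD]I|E[BS]P|EIP):([0-9a-f]{8})", re.I)
STACK_RE = re.compile(r"^(0x[0-9a-f]{8}):((?:\s+[0-9a-f]{8})+)", re.I | re.M)
CALL_RE = re.compile(r"^(0x[0-9a-f]{8}):\s+call\s+(\S+)", re.I)
SYMBOL_RE = re.compile(r"^->\s+0x[0-9a-f]{8}\s+(\S+)", re.I)


def parse_exception(line):
    """Return (access, faulting_address, eip) from winedbg's exception line."""
    m = EXC_RE.search(line)
    if not m:
        raise ValueError("not a winedbg page-fault line: %r" % line)
    return m.group(1).lower(), int(m.group(2), 16), int(m.group(3), 16)


def as_ascii(value):
    """Text form of a 32-bit value's four little-endian bytes, or None if any
    byte is non-printable. 0x20202020 decodes to four spaces: a 'pointer'
    that reads as text was most likely overwritten by string data."""
    raw = struct.pack("<I", value)
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def parse_registers(dump):
    """{name: value} for the general-purpose registers and EIP."""
    return {n.upper(): int(h, 16) for n, h in REG_RE.findall(dump)}


def ascii_like_registers(dump):
    """Registers whose contents decode to printable ASCII."""
    hits = {}
    for name, val in parse_registers(dump).items():
        text = as_ascii(val)
        if text is not None:
            hits[name] = text
    return hits


def registers_holding(dump, value):
    """Registers containing exactly `value` (which one fed the bad dereference)."""
    return sorted(n for n, v in parse_registers(dump).items() if v == value)


def ascii_like_stack_words(dump):
    """[(address, text)] for stack slots whose contents are printable ASCII."""
    hits = []
    for base, words in STACK_RE.findall(dump):
        for i, word in enumerate(words.split()):
            text = as_ascii(int(word, 16))
            if text is not None:
                hits.append((int(base, 16) + 4 * i, text))
    return hits


def calls_before(disasm, fault_eip):
    """(site, operand, kind, symbol) for each `call` below fault_eip, in order.
    kind is 'indirect' for `call *...` (through an import slot or vtable),
    else 'direct'; symbol is the name on winedbg's following `->` line."""
    lines = disasm.splitlines()
    calls = []
    for i, line in enumerate(lines):
        m = CALL_RE.match(line)
        if not m:
            continue
        site = int(m.group(1), 16)
        if site >= fault_eip:
            break
        operand = m.group(2)
        symbol = None
        if i + 1 < len(lines):
            s = SYMBOL_RE.match(lines[i + 1])
            symbol = s.group(1) if s else None
        calls.append((site, operand, "indirect" if operand.startswith("*") else "direct", symbol))
    return calls


def triage(exception_line, registers, stack, disasm):
    """Combine the checks into one report dictionary."""
    access, bad_addr, eip = parse_exception(exception_line)
    return {
        "access": access,
        "bad_address": bad_addr,
        "bad_address_as_text": as_ascii(bad_addr),
        "registers_with_bad_address": registers_holding(registers, bad_addr),
        "text_like_registers": ascii_like_registers(registers),
        "text_like_stack_words": ascii_like_stack_words(stack),
        "calls_before_fault": calls_before(disasm, eip),
    }


if __name__ == "__main__":
    for key, value in triage(EXCEPTION_LINE, REGISTER_DUMP, STACK_DUMP, DISASSEMBLY).items():
        print("%-28s %r" % (key, value))
```

Two caveats when reading the report against the listing above. The first stack word at ESP, 0x20202020, is not independent evidence: `0x007ab8f0: pushl %eax` pushed EAX immediately before the fault, so it simply echoes the register. The register hit is the signal, and the preceding `0x007ab8ed: movl 0x4(%esi),%eax` shows where it came from: the object ESI points at holds four spaces at offset 4 where the code expects a pointer. Second, for the "how far back" question, a listing is only meaningful from a function boundary onward; if the first instructions of a range decode as nonsense like `addb %bh,0x0(%ebx)` followed by `int $0x74`, the start address fell in the middle of an instruction or in data, and the range should be moved until it begins at a recognisable prologue or just after a `ret`.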