Problem with the TEB parser

Eric Pouech eric.pouech at
Sun Sep 15 05:11:35 CDT 2002

Sylvain Petreolle wrote:
> Hi list,
> I encounter a problem with the TEB parser.
> Enabling the builtin olepro32 and running winedbg on a program that needs
> it stops with the following errors when halting on a read access to 0x0.
> What could I do to debug this?
> First chance exception: page fault on read access to 0x00000000 in
> 32-bit code (0x00000000).
> Register dump:
>  CS:0023 SS:002b DS:002b ES:002b FS:008f GS:04c7
>  EIP:00000000 ESP:405c25f0 EBP:4000b6c9 EFLAGS:00010206(  R- 00  I   -
> -P1 )
>  EAX:400136bc EBX:400134c0 ECX:4000bd00 EDX:400136bc
>  ESI:00000000 EDI:00000000
> Stack dump:
> 0x405c25f0 (NTDLL.DLL.sqrt+0x396ccc): *** Invalid address 0x405c25f0
> (NTDLL.DLL.sqrt+0x396ccc)
> 0011: sel=008f base=4013e0c0 limit=00000fff 32-bit rw-
> Backtrace:
> =>0 0x00000000 (ebp=4000b6c9)
> Can't read TEB:cur_stack
> 0x00000000: *** Invalid address 0x00000000
> -- no code --

the call stack is rather ugly (or winedbg cannot look into it correctly)
anyway, the difference between esp and ebp is rather big... and esp and
ebp seem to point nowhere (cause of the bad backtrace)
sounds like a stack corruption, showing up while exiting a stack frame,
but getting to the cause is another story...

to debug this:
- try to find out which function the app was in before the crash (relay
trace, and then single step)
- and then look at info on the stack

but this may take you lots of time
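
Added example, not part of the original message and not Wine code: a small triage script that parses a winedbg register dump and flags the signs of stack corruption discussed in the reply (null EIP, ESP and EBP far apart, EBP not looking like a frame pointer). The function names and the 1 MiB span threshold are assumptions chosen for illustration; the sample dump is the one quoted above with its wrapped lines rejoined.

```python
import re

# Register dump from the quoted winedbg output (e-mail line wraps rejoined).
SAMPLE_DUMP = """\
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:008f GS:04c7
 EIP:00000000 ESP:405c25f0 EBP:4000b6c9 EFLAGS:00010206(  R- 00  I   - -P1 )
 EAX:400136bc EBX:400134c0 ECX:4000bd00 EDX:400136bc
 ESI:00000000 EDI:00000000
"""

# NAME:hexvalue pairs such as "ESP:405c25f0" or "EFLAGS:00010206(".
REG_RE = re.compile(r"\b([A-Z]{2,6}):([0-9a-fA-F]+)")

# Assumed threshold: a single frame spanning more than 1 MiB is suspicious.
MAX_FRAME_SPAN = 0x100000


def parse_registers(dump):
    """Return {register name: integer value} for every NAME:hex pair."""
    return {name: int(value, 16) for name, value in REG_RE.findall(dump)}


def triage(regs, max_span=MAX_FRAME_SPAN):
    """Return a list of hints that the saved frame was overwritten.

    These are hints only: code built without frame pointers may use EBP
    as a general-purpose register, which also trips the EBP checks.
    """
    findings = []
    eip, esp, ebp = regs["EIP"], regs["ESP"], regs["EBP"]
    if eip == 0:
        # Jump or return to address 0: null function pointer or a
        # zeroed return address popped while leaving a frame.
        findings.append("eip-null")
    if ebp < esp:
        # The x86 stack grows down, so a live frame pointer sits above ESP.
        findings.append("ebp-below-esp")
    if ebp % 4:
        findings.append("ebp-misaligned")
    if abs(ebp - esp) > max_span:
        findings.append("frame-span-too-large")
    return findings


if __name__ == "__main__":
    for hint in triage(parse_registers(SAMPLE_DUMP)):
        print(hint)
```

All four hints fire on the dump above; none of them says where the overwrite happened, which is what the relay trace and single stepping are for.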


