Re: Web Page Viewer

Posted: 26 Apr 2011, 20:49
by Raptor
OK, so here is one dump. Hopefully it helps :-)
salamand_110426_204626.rar
(841.3 KiB)

Re: Web Page Viewer

Posted: 26 Apr 2011, 20:58
by SelfMan

Code:

FAULTING_IP: 
+5267952f0180dca0
00000000 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00001b28

DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT

PROCESS_NAME:  salamand.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_BREAKPOINT

LAST_CONTROL_TRANSFER:  from 760d0962 to 77d1014d

STACK_TEXT:  
00378d24 760d0962 00000003 00378d74 00000001 ntdll!NtWaitForMultipleObjects+0x15
00378dc0 763a1a2c 00378d74 00378de8 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100
00378e08 75f7086a 00000003 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
00378e5c 75f70b69 0000004c 00378e98 000003e8 user32!RealMsgWaitForMultipleObjectsEx+0x14d
00378e78 0662eb0d 00000002 00378e98 00000000 user32!MsgWaitForMultipleObjects+0x1f
WARNING: Stack unwind information not available. Following frames may be wrong.
00378ed0 004c2e6d 06800ea0 00360128 00000000 webpageviewer+0x3eb0d
00379148 004c73bc 00360128 06800ea0 0058f340 salamand+0xc2e6d
00379178 004a0f84 00360128 00000000 009c0c68 salamand+0xc73bc
0038e5bc 00523112 00008193 00000000 ffffffff salamand+0xa0f84
0038e5dc 75f662fa 00360128 00008193 00000000 salamand+0x123112
0038e608 75f66d3a 005230bb 00360128 00008193 user32!InternalCallWinProc+0x23
0038e680 75f677c4 00000000 005230bb 00360128 user32!UserCallWinProcCheckWow+0x109
0038e6e0 75f67bca 005230bb 00000001 0038feac user32!DispatchMessageWorker+0x3bc
0038e6f0 004d5cc5 0038fe60 00000000 008746c7 user32!DispatchMessageA+0xf
0038feac 004d65fc ffffffff 00000000 751e0000 salamand+0xd5cc5
0038feec 00536de6 00400000 00000000 008746c7 salamand+0xd65fc
0038ff88 763a33ca 7efde000 0038ffd4 77d29ed2 salamand+0x136de6
0038ff94 77d29ed2 7efde000 77338400 00000000 kernel32!BaseThreadInitThunk+0xe
0038ffd4 77d29ea5 00536cb2 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
0038ffec 00000000 00536cb2 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~0s; .ecxr ; kb

FOLLOWUP_IP: 
webpageviewer+3eb0d
0662eb0d 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  webpageviewer+3eb0d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: webpageviewer

IMAGE_NAME:  webpageviewer.spl

DEBUG_FLR_IMAGE_TIMESTAMP:  4b895302

FAILURE_BUCKET_ID:  STATUS_BREAKPOINT_80000003_webpageviewer.spl!Unknown

BUCKET_ID:  APPLICATION_FAULT_STATUS_BREAKPOINT_webpageviewer+3eb0d

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/salamand_exe/2_5_4_69/4c7f58e7/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1


Re: Web Page Viewer

Posted: 26 Apr 2011, 21:01
by Raptor
Well, I looked at that in WinDbg too, but I can't tell where the problem is :-) Without debug data for the plugin it probably can't be determined just like that.

Re: Web Page Viewer

Posted: 26 Apr 2011, 21:02
by SelfMan
Since I don't have symbols for the plugin available, this is all I can give. However, the bug appears to be in the plugin itself.
A forgotten breakpoint, perhaps? At least that's how it looks at first glance.

Re: Web Page Viewer

Posted: 03 May 2011, 15:46
by xm
I think the breakpoint was inserted by the procdump that was used; that won't be the real cause.

To analyze the code at "webpageviewer+0x3eb0d", the corresponding pdb or map file would be enough (by the way, I noticed that webpageviewer.spl is compressed with UPX, so before any analysis you need to run "upx -d webpageviewer.spl").
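
Added example, not part of any post in this thread: a small Python parser for the STACK_TEXT lines posted above that flags frames after the unwind warning, finds the first frame the debugger could only name as module+offset, and derives that module's load base so the offset can be matched against a pdb or map file. The function names are hypothetical; the stack lines are copied from the dump output earlier on this page.

```python
import re

# Excerpt of the STACK_TEXT posted earlier in this thread (first seven frames).
STACK_TEXT = """\
00378d24 760d0962 00000003 00378d74 00000001 ntdll!NtWaitForMultipleObjects+0x15
00378dc0 763a1a2c 00378d74 00378de8 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100
00378e08 75f7086a 00000003 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
00378e5c 75f70b69 0000004c 00378e98 000003e8 user32!RealMsgWaitForMultipleObjectsEx+0x14d
00378e78 0662eb0d 00000002 00378e98 00000000 user32!MsgWaitForMultipleObjects+0x1f
WARNING: Stack unwind information not available. Following frames may be wrong.
00378ed0 004c2e6d 06800ea0 00360128 00000000 webpageviewer+0x3eb0d
00379148 004c73bc 00360128 06800ea0 0058f340 salamand+0xc2e6d
"""

FRAME = re.compile(
    r"^(?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?:[0-9a-f]{8} ){3}"
    r"(?P<module>\w+)(?:!(?P<symbol>\S+?))?\+0x(?P<offset>[0-9a-f]+)$")

def parse_stack(text):
    """Return one dict per frame; frames after the unwind warning are flagged."""
    frames, reliable = [], True
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("WARNING: Stack unwind information not available"):
            reliable = False
            continue
        m = FRAME.match(line)
        if not m:
            continue  # skip blank lines and other debugger chatter
        frames.append({
            "index": len(frames),
            "ret": int(m["ret"], 16),       # return address into the next frame
            "module": m["module"],
            "symbol": m["symbol"],          # None when no symbols are loaded
            "offset": int(m["offset"], 16),
            "reliable": reliable,
        })
    return frames

def first_unsymbolized(frames):
    """First frame the debugger could only name as module+offset."""
    return next((f for f in frames if f["symbol"] is None), None)

def module_base(frames, frame):
    """Frame N executes at frame N-1's return address; base = address - offset."""
    if frame["index"] == 0:
        return None  # the top frame's address is not a RetAddr in STACK_TEXT
    return frames[frame["index"] - 1]["ret"] - frame["offset"]
```

The frame index it reports matches the SYMBOL_STACK_INDEX value in the dump, and the address it subtracts from matches the FOLLOWUP_IP line.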

Re: Web Page Viewer

Posted: 12 Mar 2012, 18:53
by Raptor
Hello, it's been a year and it's still annoying :-) Any chance of getting the bug fixed? Thanks.