开发者

How to write a sample code that will crash and produce dump file?

I started learned windbg and I found this good post How to use WinDbg to analyze the crash dump for VC++ application?

Now I want to follow the instructions and do it step by step. Here is the problem: I need to write some sample code that can immediately crash, and create some dump files that can be used by windbg.

How t开发者_Go百科o write such code?

void Example4()
{
    int* i = NULL;
    *i = 80;
}

The above code will crash immediately; however, I don't know where to find the dump file?

Thank you


#include <Windows.h>
#include <Dbghelp.h>

void make_minidump(EXCEPTION_POINTERS* e)
{
    auto hDbgHelp = LoadLibraryA("dbghelp");
    if(hDbgHelp == nullptr)
        return;
    auto pMiniDumpWriteDump = (decltype(&MiniDumpWriteDump))GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
    if(pMiniDumpWriteDump == nullptr)
        return;

    char name[MAX_PATH];
    {
        auto nameEnd = name + GetModuleFileNameA(GetModuleHandleA(0), name, MAX_PATH);
        SYSTEMTIME t;
        GetSystemTime(&t);
        wsprintfA(nameEnd - strlen(".exe"),
            "_%4d%02d%02d_%02d%02d%02d.dmp",
            t.wYear, t.wMonth, t.wDay, t.wHour, t.wMinute, t.wSecond);
    }

    auto hFile = CreateFileA(name, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if(hFile == INVALID_HANDLE_VALUE)
        return;

    MINIDUMP_EXCEPTION_INFORMATION exceptionInfo;
    exceptionInfo.ThreadId = GetCurrentThreadId();
    exceptionInfo.ExceptionPointers = e;
    exceptionInfo.ClientPointers = FALSE;

    auto dumped = pMiniDumpWriteDump(
        GetCurrentProcess(),
        GetCurrentProcessId(),
        hFile,
        MINIDUMP_TYPE(MiniDumpWithIndirectlyReferencedMemory | MiniDumpScanMemory),
        e ? &exceptionInfo : nullptr,
        nullptr,
        nullptr);

    CloseHandle(hFile);

    return;
}

LONG CALLBACK unhandled_handler(EXCEPTION_POINTERS* e)
{
    make_minidump(e);
    return EXCEPTION_CONTINUE_SEARCH;
}

int main()
{
    SetUnhandledExceptionFilter(unhandled_handler);

    return *(int*)0;
}


This will produce a null pointer dereference exception: *((int*) 0) = 0;

This will produce integer division by zero: int a = 0; int b = 5 / a;

EDIT: Post-Mortem Debugging Your Application with Minidumps and Visual Studio .NET contains a lot of sample code and theory on using minidumps.


To create a crash dump, I would not write an unhandled exception handler as proposed by @Abyx for the following reasons:

a) in case of some buffer overflow or stack overflow, the code which handles the unhandled exception may be corrupt. In case of an OutOfMemoryException, how can you load another library like DbgHelp.dll?

b) the code which you have written may be buggy. Does that code check the free disk space before it writes the dump? How do you test the code to write a crash dump? Do you have a unit test for that? How does your unit test check if the dump is correct?

c) why write code at all if Windows can do it for you?

MSDN has an article on Collecting user mode dumps. Basically, there are some Registry settings which you can make. The advantage is: Windows will create the crash dump by the operating system, not by some corrupted code inside your own application.


If you want to see a crash dump, you need to create one. See Heisenbug: WinApi program crashes on some computers . While you may be able to get the crash dump intended to be send for WER without going through WinQual, it is a bit messy (basically you can copy it from the temporary location before it is sent away, exact details depend on your operating system), I would recommed to create your own crashdump using the Win API MiniDump provided functions. All code needed for this can be found at The CodeProject page mentioned in the linked answer.


Auto minidump generation is done by the post-mortem debugger, so you need to start there. Most importantly though, it's done by a debugger. So if you just want to generate a minidump, you can use your typical debugger (probably visual studio or windbg). Even task manager can create dump files.

The registry setting which specifies the post-mortem debugger is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

Look at the Debugger string, and you will be on your way to finding your minidumps.


Dump file can be created either programmaticaly or by program error debugger tool. In first case you can use MiniDumpWriteDump function and in the second you can use Dr. Watson (for XP: have a look at this description and this very descriptive video; for Vista, have a look here)


Most of the times you will find all apps dump in C:\windows\minidumps.

To generate a dump file you could use a simple solution:

  1. Open windbg
  2. File->Open Executable
  3. You run the app that will crash
  4. A breakpoint will trigger
  5. Now you can use .dump in windbg to create a dmp file

or

  1. Run the app and wait to crash
  2. Open windbg and attach to process (File->Attach to process)
  3. run .dump

This way you will be able to analyze that crash anytime :)


I used the code below when testing out WinDbg some time ago.

  • The code below works and will generate a crash dump
  • There are two functions so that you can see a stack trace with an obvious chain of functions.
  • To find the crash dumps, search for *.dmp or *.mdmp in C:\Users
  • It's probably best to let the OS generate the dump for you. This is probably how most of the real crash dumps you see will be generated.
  • The code works by first allocating 1 KiB of memory, then writing both it and the following 1 KiB with a recognizable hexadecimal value. This usually hits a page of memory marked by the OS as non-writeable, which will trigger the crash.

#include "stdafx.h"
#include "stdio.h"
#include "malloc.h"

void Function2(int * ptr2)
{
    for(int i=0; i < (2 * 1024); i++)
    {
        *ptr2++ = 0xCAFECAFE;
    }
}

void Function1()
{
    int * ptr1 = (int *)malloc(1024 * sizeof(int));

    Function2(ptr1);
}

int _tmain(int argc, _TCHAR* argv[])
{
    printf("Press enter to allocate and corrupt.\r\n");
    getc(stdin);

    printf("Allocating and corrupting...\r\n");
    Function1();

    printf("Done.  Press enter to exit process.\r\n");
    getc(stdin);

    return 0;
}


Try this:

int main()
{
   int v[5];

   printf("%d", v[10]);
   return 0;
}

or access a random memory location.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜