Re: Program fault in-between two machine instructions

"Oleg Starodumov" <com-dot-debuginfo-at-oleg> wrote in message
news:%2313JgG3tFHA.904@xxxxxxxxxxxxxxxxxxxxxxx
>
> > Can a crash occur at a location in-between two machine instructions?
> >
> > After my program crashed, my program-generated crash log indicated the crash
> > occurred at the instruction at offset 85 hex in the function, a portion of
> > which I am posting below:
> >
> > 00078 8b 56 78 mov edx, DWORD PTR [esi+120]
> > 0007b 8d 4e 78 lea ecx, DWORD PTR [esi+120]
> > 0007e ff 52 20 call DWORD PTR [edx+32]
> > 00081 8b 86 b4 00 00 00 mov eax, DWORD PTR [esi+180]
> > 00087 8d 8e b4 00 00 00 lea ecx, DWORD PTR [esi+180]
> > 0008d ff 50 20 call DWORD PTR [eax+32]
> >
> > The above code was generated by Visual Studio with the /FAcs option. As you
> > can see, no instruction starts at 85 hex. I verified that the code that
> > crashed was the same version as I compiled to get the listing. So my question
> > is, does the value of the instruction pointer (85 hex) itself indicate a
> > problem?
>
> Yes, it can indicate a problem. This situation can happen when control
> is transferred to a wrong place in the code.
>
> Some possible reasons can be:
> - Stack corruption (e.g. buffer overwrite into an area where a pointer is stored,
> e.g. the return address of a function)
> - Function call through a bad pointer
> - Heap corruption (e.g. vtable pointer of a C++ object stored on the heap
> can be corrupted)
> - Function prototype mismatch
>
> Do you have any other information about the crash? (In addition to the address
> of the failed instruction - e.g. registers, call stack, etc.?)
>
> Regards,
> Oleg
> [VC++ MVP]
>

Oleg, thank you for your reply. I found out the problem - it was incorrect
interpretation of the linker map. I was subtracting the program load point
(0x00400000) but neglecting the offset for the Portable Executable header
(0x1000). When I subtracted another hex 1000, I found an instruction
starting at that address.

See http://www.codeproject.com/debug/mapfile.asp

Best, TS
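As an added example (not code from this thread, and not a method either poster gave), here is the address arithmetic from the follow-up written out in Python: parse an MSVC /MAP fragment, turn a faulting EIP into a function-relative offset, and check that offset against the instruction starts of the /FAcs listing. The map fragment, symbol names and crash address are constructed; the instruction offsets mirror the listing quoted above (78h..8Dh). The 0x1000 that TS subtracts is the RVA of the first code section, which this example recovers from the map's Rva+Base column instead of hardcoding it, and `section_aware=False` reproduces the miscalculation described in the post.

```python
"""Resolve a crash EIP against an MSVC linker map and check the /FAcs listing.

Added example, not code from the original thread. The map fragment, symbol
names and addresses are constructed; the listing offsets mirror the thread.
"""
import re

# Constructed MSVC /MAP fragment: section table, then "Publics by Value" with a
# section-relative Address column and an absolute Rva+Base column.
MAP_TEXT = """\
 Preferred load address is 00400000

 Start         Length     Name                   Class
 0001:00000000 00002000H .text                   CODE
 0002:00000000 00000200H .rdata                  DATA

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00000000       _main                      00401000 f   main.obj
 0001:00000024       ?Update@Widget@@QAEXXZ     00401024 f   widget.obj
 0001:00001020       ?Render@Widget@@QAEXXZ     00402020 f   widget.obj
 0002:00000000       ??_7Widget@@6B@            00403000     widget.obj
"""

# Instruction start offsets for ?Update@Widget@@QAEXXZ over one window of its
# /FAcs listing (constructed to match the thread: no instruction starts at 85h).
UPDATE_LISTING = [0x78, 0x7B, 0x7E, 0x81, 0x87, 0x8D]
UPDATE_WINDOW = (0x78, 0x90)  # half-open range the listing extract covers

BASE_RE = re.compile(r"Preferred load address is ([0-9A-Fa-f]+)")
PUBLIC_RE = re.compile(
    r"^\s*(\d{4}):([0-9A-Fa-f]{8})\s+(\S+)\s+([0-9A-Fa-f]{8})", re.M)


def parse_map(text):
    """Return (preferred base, {section: RVA}, [(section, offset, name, va)]).

    The map does not state section RVAs directly; each public symbol gives
    Rva+Base = base + section_rva + section_offset, so the RVA is recovered
    from the symbols of that section and cross-checked between them.
    """
    base = int(BASE_RE.search(text).group(1), 16)
    publics = text.split("Publics by Value", 1)[1]
    symbols, section_rva = [], {}
    for m in PUBLIC_RE.finditer(publics):
        sec, off = int(m.group(1)), int(m.group(2), 16)
        name, va = m.group(3), int(m.group(4), 16)
        symbols.append((sec, off, name, va))
        rva = va - base - off
        if section_rva.setdefault(sec, rva) != rva:
            raise ValueError("inconsistent Rva+Base in section %04x" % sec)
    return base, section_rva, symbols


def resolve(crash_va, mapinfo, load_base=None, section_aware=True):
    """Map a faulting EIP to (symbol name, offset within that symbol).

    load_base is where the image actually landed (rebased DLLs); it defaults
    to the map's preferred base. section_aware=False reproduces the mistake
    from the thread: treating EIP - base as if it were already a section
    offset, which skips the code section's own RVA (0x1000 here).
    """
    base, section_rva, symbols = mapinfo
    rva = crash_va - (base if load_base is None else load_base)
    if section_aware:
        holders = [s for s, r in section_rva.items() if r <= rva]
        if not holders:
            return None
        sec = max(holders, key=section_rva.get)
        sec_off = rva - section_rva[sec]
    else:
        sec, sec_off = 1, rva
    below = [(off, name) for s, off, name, _ in symbols
             if s == sec and off <= sec_off]
    if not below:
        return None
    off, name = max(below)
    return name, sec_off - off


def on_instruction_boundary(offset, listing_offsets, window):
    """True if the function-relative offset is an instruction start in the
    listing extract; False means mid-instruction (or a miscomputed address)."""
    lo, hi = window
    if not lo <= offset < hi:
        raise ValueError("offset %#x outside the listing extract" % offset)
    return offset in set(listing_offsets)


if __name__ == "__main__":
    info = parse_map(MAP_TEXT)
    eip = 0x004010A5  # constructed faulting address from a crash log
    for aware in (False, True):
        name, off = resolve(eip, info, section_aware=aware)
        print("section_aware=%s -> %s+%#x" % (aware, name, off))
    # The correct resolution lands on 81h, the "call DWORD PTR [edx+32]" of
    # the quoted listing: a fault at an indirect call through a bad pointer,
    # not a fault between two instructions.
    print(on_instruction_boundary(0x81, UPDATE_LISTING, UPDATE_WINDOW))
```

Two things to keep in mind when using this: the boundary check is only meaningful against the listing of the function the address actually resolved to, covering the offset in question; and if the crashing module was relocated (a DLL that did not load at its preferred base), pass the real load address as `load_base`, otherwise every offset is shifted by the relocation delta.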

