VS2003 在push edi 的時候AV
原貼地址:
http://eparg.spaces.msn.com/Blog/cns!1pnPgEC6RF6WtiSBWIHdc5qQ!379.entry
原貼時間:
2005-11-1
原貼作者:
eparg
個月做一個case的時候,需要激活vs2003的unmanaged debugging. 激活後用f5調試,程序還沒有起來,vs2003 IDE就crash了 :(
當時比較忙,一直留到今天才來仔細觀察這個問題. windbg上去後,看到crash的信息如下:
(9ec.dfc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
好,不就是熟悉的AV麼,看看EIP:
0:018> u eip
AcSpecfc!NS_NatDbgDM::JumpBuffer:
7150b698 57 push edi
AcSpecfc!NS_NatDbgDM::JumpBuffer:
7150b698 57 push edi
恩,push居然都會AV,沒天理阿。仔細想想,有兩種可能:
1) IP地址不可讀寫
2) ESP不可讀寫
可是:
0:018> !address eip
714d0000 : 7150b000 - 00005000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:/WINDOWS/AppPatch/AcSpecfc.dll
0:018> !address esp
104d0000 : 105cb000 - 00005000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageStack
Pid.Tid 9ec.dfc
714d0000 : 7150b000 - 00005000
Type 01000000 MEM_IMAGE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageImage
FullPath C:/WINDOWS/AppPatch/AcSpecfc.dll
0:018> !address esp
104d0000 : 105cb000 - 00005000
Type 00020000 MEM_PRIVATE
Protect 00000004 PAGE_READWRITE
State 00001000 MEM_COMMIT
Usage RegionUsageStack
Pid.Tid 9ec.dfc
傻了吧。有人知道怎麼做麼?(提示,該問題在打了win2k3 sp1前不會發生)
==================
解決方法,對vs2003 IDE進程取消"data execution prevention"保護。關於data execution prevention:
不過vs2003居然觸發DEP,可以考慮file一個bug了
data execution prevention