[Help] How to display the stack of a WoW64 process with WinDbg

Posted on 2017-1-10 14:14:42
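The system is Win7 x64. Because my program keeps hanging the system, I triggered a blue screen and captured a full memory dump. The WinDbg steps I ran are shown below.
At the end, when I tried to analyze the 32-bit process's stack with !wow64exts.sw,
it reported: The current thread doesn't have a guest (WoW) context.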


0: kd> !process 0 0 test.exe
PROCESS fffffa8019449060
    SessionId: 1  Cid: 0114    Peb: 7efdf000  ParentCid: 0818
    DirBase: 25eba000  ObjectTable: fffff8a002829400  HandleCount:  31.
    Image: test.exe

0: kd> !PROCESS fffffa8019449060
PROCESS fffffa8019449060
    SessionId: 1  Cid: 0114    Peb: 7efdf000  ParentCid: 0818
    DirBase: 25eba000  ObjectTable: fffff8a002829400  HandleCount:  31.
    Image: test.exe
    VadRoot fffffa8019114a20 Vads 55 Clone 0 Private 185. Modified 0. Locked 0.
    DeviceMap fffff8a00128cd00
    Token                             fffff8a002d18a90
    ElapsedTime                       00:00:04.430
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         108400
    QuotaPoolUsage[NonPagedPool]      6360
    Working Set Sizes (now,min,max)  (762, 50, 345) (3048KB, 200KB, 1380KB)
    PeakWorkingSetSize                762
    VirtualSize                       55 Mb
    PeakVirtualSize                   56 Mb
    PageFaultCount                    795
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      301
    Job                               fffffa80193416a0

        THREAD fffffa8018f71060  Cid 0114.01d8  Teb: 000000007efdb000 Win32Thread: fffff900c00c1c30 WAIT: (DelayExecution) UserMode Non-Alertable
            fffffa801b6d9030  NotificationEvent
        Not impersonating
        DeviceMap                 fffff8a00128cd00
        Owning Process            fffffa8019449060       Image:         test.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      268170         Ticks: 281 (0:00:00:04.383)
        Context Switch Count      30             IdealProcessor: 0                 LargeStack
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address test!ILT+1215(_wmainCRTStartup) (0x00000000002f74c4)
        Stack Init fffff880036fad70 Current fffff880036fa930
        Base fffff880036fb000 Limit fffff880036f4000 Call 0
        Priority 11 BasePriority 8 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        Child-SP          RetAddr           Call Site
        fffff880`036fa970 fffff800`03ecd052 nt!KiSwapContext+0x7a
        fffff880`036faab0 fffff800`03ecf756 nt!KiCommitThreadWait+0x1d2
        fffff880`036fab40 fffff800`041bd9ee nt!KeDelayExecutionThread+0x186
        fffff880`036fabb0 fffff800`03ec5153 nt!NtDelayExecution+0x59
        fffff880`036fabe0 00000000`756e2dd9 nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`036fabe0)
        00000000`0021e648 00000000`756e2c87 wow64cpu!CpupSyscallStub+0x9
        00000000`0021e650 00000000`753fd07e wow64cpu!Thunk2ArgNSpNSpReloadState+0x21
        00000000`0021e710 00000000`753fc549 wow64!RunCpuSimulation+0xa
        00000000`0021e760 00000000`77bc84c8 wow64!Wow64LdrpInitialize+0x429
        00000000`0021ecb0 00000000`00000000 ntdll! ?? ::FNODOBFM::`string'+0x8

0: kd> .PROCESS /p fffffa8019449060
Implicit process is now fffffa80`19449060
0: kd> .THREAD /p fffffa8018f71060
Implicit thread is now fffffa80`18f71060
Implicit process is now fffffa80`19449060
0: kd> kb
  *** Stack trace for last set context - .thread/.cxr resets it
RetAddr           : Args to Child                                                           : Call Site
fffff800`03ecd052 : fffffa80`18f71060 fffffa80`18f71060 fffffa80`00000000 00000000`00000000 : nt!KiSwapContext+0x7a
fffff800`03ecf756 : 00000000`0021fd20 00000000`75401514 fffff880`000000f0 00000000`0021dd58 : nt!KiCommitThreadWait+0x1d2
fffff800`041bd9ee : fffffa80`18f71060 00000000`75404080 00000000`7efdd000 00000000`000000f0 : nt!KeDelayExecutionThread+0x186
fffff800`03ec5153 : 00000000`00000008 00000000`0017fa94 fffffffd`abf41c00 fffffa80`1b1a3c10 : nt!NtDelayExecution+0x59
00000000`756e2dd9 : 00000000`756e2c87 00000000`77d70190 00000000`753f0023 00000000`7efde000 : nt!KiSystemServiceCopyEnd+0x13
00000000`756e2c87 : 00000000`77d70190 00000000`753f0023 00000000`7efde000 00000000`0017fe24 : wow64cpu!CpupSyscallStub+0x9
00000000`753fd07e : 00000000`00000000 00000000`756e1920 00000000`0021e8e0 00000000`77bb3ae1 : wow64cpu!Thunk2ArgNSpNSpReloadState+0x21
00000000`753fc549 : 00000000`00000000 00000000`00000000 00000000`753f4ac8 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
00000000`77bc84c8 : 00000000`00562ca0 00000000`00000000 00000000`77cb3670 00000000`77c857a0 : wow64!Wow64LdrpInitialize+0x429
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x8
0: kd> !wow64exts.sw
The current thread doesn't have a guest (WoW) context.
Posted on 2017-1-10 22:09:20
It's probably that some global lock was being held, which caused the system to hang...

As for this command, sorry, I've never used it...