http://www.microsoft.com/msj/0298/hood0298.aspx

有時(shí)候我們的程序crash了，會(huì)出現(xiàn)一個(gè)crash界面提示我們?cè)谑裁次恢弥袛嗔恕Ｎ覀內(nèi)绾胃鶕?jù)這個(gè)中斷地址找到對(duì)應(yīng)的行號(hào)呢？

要想達(dá)到這樣的目的，首先要進(jìn)行一些工程屬性的配置。

c/c++->常規(guī)->調(diào)試信息格式->程序數(shù)據(jù)庫(kù)
c/c++->優(yōu)化->優(yōu)化->禁用
鏈接器->調(diào)試->生成調(diào)試信息->是
            ->生成映射文件->是
            ->映射文件名稱->$(OutDir)/$(ProjectName).map
            ->映射導(dǎo)出->是
            ->映射行->是

1    int main (int argc, char* argv[])
2   {
3       char * p = 0;
4       *p = 'c';
5       return 0;
6 }

當(dāng)執(zhí)行程序的時(shí)候，顯示“test1.exe中的0x0040100e處未處理的異常：0xc000005:寫入位置0x00000000時(shí)發(fā)生訪問(wèn)沖突”

這個(gè)時(shí)候來(lái)看一下map文件。首先看到的是參考的加載地址： Preferred load address is 00400000

Timestamp is 4639462c (Thu May 03 10:17:16 2007)

 Preferred load address is 00400000

 Start         Length     Name                   Class
 0001:00000000 00003b58H .text                   CODE
 0002:00000000 000000c4H .idata$5                DATA
 0002:000000d0 00000c40H .rdata                  DATA
 0002:00000d10 00000048H .rdata$debug            DATA
 0002:00000d60 00000008H .rdata$sxdata           DATA
 0002:00000d68 00000004H .rtc$IAA                DATA
 0002:00000d6c 00000004H .rtc$IZZ                DATA
 0002:00000d70 00000004H .rtc$TAA                DATA
 0002:00000d74 00000004H .rtc$TZZ                DATA
 0002:00000d78 00000014H .idata$2                DATA
 0002:00000d8c 00000014H .idata$3                DATA
 0002:00000da0 000000c4H .idata$4                DATA
 0002:00000e64 00000366H .idata$6                DATA
 0002:000011ca 00000000H .edata                  DATA
 0003:00000000 00000004H .CRT$XCA                DATA
 0003:00000004 00000004H .CRT$XCAA               DATA
 0003:00000008 00000004H .CRT$XCZ                DATA
 0003:0000000c 00000004H .CRT$XIA                DATA
 0003:00000010 00000008H .CRT$XIC                DATA
 0003:00000018 00000004H .CRT$XIZ                DATA
 0003:0000001c 00000004H .CRT$XPA                DATA
 0003:00000020 00000004H .CRT$XPZ                DATA
 0003:00000024 00000004H .CRT$XTA                DATA
 0003:00000028 00000004H .CRT$XTZ                DATA
 0003:00000030 00000274H .data                   DATA
 0003:000002c0 00000598H .bss                    DATA

crash地址計(jì)算：calculation: crash_address - preferred_load_address - 0x1000
                            0x0040100e -0x00400000-0x1000=0x0000000e

接著在map中查找對(duì)應(yīng)的obj

 Address         Publics by Value              Rva+Base     Lib:Object

 0000:00000000       __except_list              00000000     <absolute>
 0000:00000002       ___safe_se_handler_count   00000002     <absolute>
 0001:00000000       _main                      00401000 f   test1.obj
 0001:00000017       __amsg_exit                00401017 f   LIBC:crt0.obj
 0001:0000003c       _mainCRTStartup            0040103c f   LIBC:crt0.obj
 0001:00000203       ___crtExitProcess          00401203 f   LIBC:crt0dat.obj

最后根據(jù)obj和計(jì)算的值在map中找第一個(gè)小于我們所計(jì)算的值的位置

Line numbers for .\release\test1.obj(d:\test\test1\test1\test1.cpp) segment .text

     2 0001:00000000     3 0001:00000004     4 0001:0000000b     5 0001:00000011

然后在.map中查找第一個(gè)小于我們所計(jì)算的值的位置

所以我們的中斷位置是在第4行

首先用~*kb,察看所有的線程
然后尋找Filter關(guān)鍵字所在的線程,假設(shè)出問(wèn)題的線程為12,.

首先將線程2設(shè)置為當(dāng)前線程： ~2s
因?yàn)閄cpFilter的結(jié)構(gòu)體中，第2個(gè)參數(shù)表示異常信息的指針，第3個(gè)參數(shù)是上下文的指針。
假設(shè)args to child
    0x0001 0xb5f78 0x45235

執(zhí)行.exr 0xb5f78
執(zhí)行.cxr 0x45235

執(zhí)行.kb就可以還原堆棧信息了

?

/**/ /* *******************************************************************
*?Copyright?(c)?2006,study-record?home
*?All?rights?reservered.
*
*?文件名稱?:?littersize.cpp?
*?摘????要?:?這個(gè)例子主要是用來(lái)驗(yàn)證這樣一個(gè)問(wèn)題。當(dāng)我們程序中有n個(gè)reactor的時(shí)候，是否就意味著我們支持n*FD_SETSIZE連接.
???????????????????為了驗(yàn)證這個(gè)問(wèn)題,我們傳遞一個(gè)大小為2的值給ACE_Select_Reactor的構(gòu)造函數(shù)。看是否是只支持2個(gè)連接?
???????????????????驗(yàn)證結(jié)果表明：在本例子中，由于acceptor注冊(cè)用掉了一個(gè)，而我們給定的最大的handle數(shù)為2,所以只能接受一個(gè)連接。
???????????????????在命令行下輸入：telnet?127.0.0.1?1234?,在我們第二次輸入時(shí)，
???????????????????在調(diào)用int?nRet?=?m_Reactor->register_handler(pEvent,?ACE_Event_Handler::READ_MASK);的時(shí)候一定會(huì)失敗。
???????????????????但是在命令行下輸入:telnet?127.0.0.1?2345?,在我們第三次輸入的時(shí)候，調(diào)用register_handler的時(shí)候才會(huì)失敗
???????????????????但是這樣的一段代碼存在高cpu的問(wèn)題，也就是當(dāng)把客戶端關(guān)調(diào)的時(shí)候，cpu占用率會(huì)很高?想想看，為什么呢？
???????????????????本代碼只是為了驗(yàn)證一些東西，有很多不合理的地方，請(qǐng)務(wù)仿照。
*
*?當(dāng)前版本?:?1.0
*?作????者?:?study-record???2007-2-22
*
******************************************************************** */

#include? " ace/Thread_Manager.h "
#include? " ace/Select_Reactor.h "
#include? " ace/Reactor.h "
#include? " ace/Event_Handler.h "
#include? " ace/SOCK_Acceptor.h "
#include? " ace/SOCK_Stream.h "
#include? " ace/INET_Addr.h "

const ?size_t?g_unOneMaxHandle? = ? 2 ;
const ?size_t?g_unTwoMaxhandle? = ? 4 ;


static ?ACE_THR_FUNC_RETURN?event_loop_one?( void ? * arg)?
{
????ACE_Reactor? * reacator? = ?static_cast < ACE_Reactor? *> (arg);

????reacator -> owner(ACE_Thread::self());
????reacator -> run_reactor_event_loop();
???? return ? 0 ;

}
static ?ACE_THR_FUNC_RETURN?event_loop_two?( void ? * arg)?
{
????ACE_Reactor? * reacator? = ?static_cast < ACE_Reactor? *> (arg);

????reacator -> owner(ACE_Thread::self());
????reacator -> run_reactor_event_loop();
???? return ? 0 ;
}

class ?TestHandleEvent:? public ?ACE_Event_Handler
{
public :
???? virtual ? int ?handle_input?(ACE_HANDLE?fd? = ?ACE_INVALID_HANDLE)
???? {
????????ACE_DEBUG((LM_DEBUG,? " TestHandleEvent::handle_input\n " ));
???????? return ? 0 ;
????} ;
???? virtual ? int ?handle_close?(ACE_HANDLE?handle,?ACE_Reactor_Mask?close_mask)
???? {
????????
????????ACE_DEBUG((LM_DEBUG,? " TestHandleEvent::handle_close\n " ));
????????delete? this ;
???????? return ? 0 ;

????} ;
????ACE_HANDLE?get_handle( void )? const ?
???? {
???????? return ?peer.get_handle();
????}

public :
????ACE_SOCK_Stream?peer;

} ;
class ?TestAcceptor?:? public ?ACE_Event_Handler
{
public :
???? virtual ? int ?handle_input?(ACE_HANDLE?fd? = ?ACE_INVALID_HANDLE)
???? {
????????
????????TestHandleEvent * ?pEvent? = ? new ?TestHandleEvent;
????????acceptor.accept(pEvent -> peer);
???????? int ?nRet? = ?m_Reactor -> register_handler(pEvent,?ACE_Event_Handler::READ_MASK);
???????? if ?( - 1 ? == ?nRet)
???????? {
????????????delete?pEvent;
????????????pEvent? = ?NULL;
????????}

???????? return ? 0 ;
????} ;
???? virtual ? int ?handle_close?(ACE_HANDLE?handle,?ACE_Reactor_Mask?close_mask)
???? {
????????ACE_DEBUG((LM_DEBUG,? " TestAcceptor::handle_close\n " ));
????????acceptor.close();
????????delete? this ;

???????? return ? 0 ;

????} ;
????
????
????TestAcceptor(ACE_Reactor * ?reactor):m_Reactor(reactor)
???? {
????????
????} ;
???? int ?open(unsigned? short ?usport)
???? {
????????ACE_INET_Addr?addr(usport);
????????acceptor.open(addr);
???????? return ?m_Reactor -> register_handler( this ,?ACE_Event_Handler::ACCEPT_MASK);

????} ;
????ACE_HANDLE?get_handle( void )? const ?
???? {
????????
???????? return ?acceptor.get_handle();
????}
public :
????ACE_SOCK_Acceptor?acceptor;
????ACE_Reactor * ?m_Reactor;

} ;


int ?main?( int ?argc,? char ? * argv[])
{
????

????ACE_Select_Reactor?select_reactor_one(g_unOneMaxHandle,? 0 ,? 0 ,? 0 ,? 1 );
????ACE_Reactor * ?reactor_one? = ? new ?ACE_Reactor( & select_reactor_one);

????ACE_Select_Reactor?select_reactor_two(g_unTwoMaxhandle,? 0 ,? 0 ,? 0 ,? 1 );
????ACE_Reactor * ?reactor_two? = ? new ?ACE_Reactor( & select_reactor_two);

????TestAcceptor?test_acceptor(reactor_one);
????test_acceptor.open( 1234 );

????TestAcceptor?test_acceptorw(reactor_two);
????test_acceptorw.open( 2345 );
????
????
????ACE_Thread_Manager::instance() -> spawn(event_loop_one,?reactor_one);
????ACE_Thread_Manager::instance() -> spawn(event_loop_two,?reactor_two);

???? return ?ACE_Thread_Manager::instance() -> wait();
}