Windows process handle count continues to grow
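I am developing a C++ project on Windows 10, and I have noticed that the number of handles associated with the process increases over time and keeps growing.
Having searched online for a cause, I am not sure whether this means the process has a memory leak or whether this is normal.
Would I see the handle count go up and down when memory is allocated and then freed?
I have been using this as I try to find the cause:
https://docs.microsoft.com/en-us/archive/blogs/markrussinovich/pushing-the-limits-of-windows-handles
I cannot find any calls in the code that create handles.
[Edit] Contents of a process dump opened with windbg: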
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\u49100\Downloads\ManagementServiceGroup.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 16299 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
16299.637.x86fre.rs3_release_svc.180808-1748
Machine Name:
Debug session time: Wed Feb 5 09:56:54.000 2020 (UTC + 0:00)
System Uptime: 0 days 0:44:55.871
Process Uptime: 0 days 0:02:30.000
................................................................
.....................................
This dump file has a breakpoint exception stored in it.
The stored exception information can be accessed via .ecxr.
For analysis of this file, run !analyze -v
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
ntdll!DbgBreakPoint:
77041900 cc int 3
0:075> !analyze -v
ERROR: FindPlugIns 8007007b
ERROR: Some plugins may not be available [8007007b]
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for PlatformSG.dll
*** WARNING: Unable to verify checksum for ManagementServiceGroup.exe
*** WARNING: Unable to verify checksum for SlaveCommsSG.dll
*** WARNING: Unable to verify checksum for CalibrationFramework.dll
*** WARNING: Unable to verify checksum for SPLINTServer.dll
*** WARNING: Unable to verify checksum for TCPIPManager.dll
*** WARNING: Unable to verify checksum for MillikanFaults.dll
*** WARNING: Unable to verify checksum for MillikanCalibration.dll
*** WARNING: Unable to verify checksum for HBC.dll
*** WARNING: Unable to verify checksum for Machine.dll
*** WARNING: Unable to verify checksum for Vibrator.dll
*** WARNING: Unable to verify checksum for TelnetServer.dll
*** WARNING: Unable to verify checksum for UserDefects.dll
*** WARNING: Unable to verify checksum for HBCStatCollector.dll
*** WARNING: Unable to verify checksum for StatisticsArchiver.dll
*** WARNING: Unable to verify checksum for SplintVibratorCalibration.dll
*** WARNING: Unable to verify checksum for StatisticsHistorian.dll
*** WARNING: Unable to verify checksum for ModeManager.dll
*** WARNING: Unable to verify checksum for SPLINTStatDistributor.dll
*** WARNING: Unable to verify checksum for IOMillikan.dll
*** WARNING: Unable to verify checksum for ProcessControlSG.dll
*** WARNING: Unable to verify checksum for CameraGroup.dll
*** WARNING: Unable to verify checksum for ComponentLifeMonitor.dll
KEY_VALUES_STRING: 1
Key : Timeline.OS.Boot.DeltaSec
Value: 2695
Key : Timeline.Process.Start.DeltaSec
Value: 150
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
Timeline: !analyze.Start
Name: <blank>
Time: 2020-02-05T10:01:43.660Z
Diff: 289660 mSec
Timeline: Dump.Current
Name: <blank>
Time: 2020-02-05T09:56:54.0Z
Diff: 0 mSec
Timeline: Process.Start
Name: <blank>
Time: 2020-02-05T09:54:24.0Z
Diff: 150000 mSec
Timeline: OS.Boot
Name: <blank>
Time: 2020-02-05T09:11:59.0Z
Diff: 2695000 mSec
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=002f1000 ebx=00000000 ecx=7707a080 edx=7707a080 esi=7707a080 edi=7707a080
eip=77041900 esp=0d24ff54 ebp=0d24ff80 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244
ntdll!DbgBreakPoint:
77041900 cc int 3
Resetting default scope
FAULTING_IP:
ntdll!DbgBreakPoint+0
77041900 cc int 3
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 77041900 (ntdll!DbgBreakPoint)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 00000000
PROCESS_NAME: ManagementServiceGroup.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
EXCEPTION_PARAMETER1: 00000000
WATSON_BKT_PROCSTAMP: 5e38030b
WATSON_BKT_MODULE: ntdll.dll
WATSON_BKT_MODSTAMP: 7b4896c1
WATSON_BKT_MODOFFSET: 71900
WATSON_BKT_MODVER: 10.0.16299.936
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 16299.637.x86fre.rs3_release_svc.180808-1748
MODLIST_WITH_TSCHKSUM_HASH: 70177fe8843802a721ebc9381c39ea0930d91d47
MODLIST_SHA1_HASH: 88c13d9b0d70b5ff412cbabd039482499bc59744
NTGLOBALFLAG: 1100
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 80000004
CHKIMG_EXTENSION: !chkimg -lo 50 -d !ntdll
77030eb0-77030eb4 5 bytes - ntdll!LdrLoadDll
[ 8b ff 55 8b ec:e9 9b 68 8c fc ]
7703f780-7703f784 5 bytes - ntdll!NtAllocateVirtualMemory (+0xe8d0)
[ b8 18 00 00 00:e9 0b 69 8b fc ]
7703f800-7703f804 5 bytes - ntdll!NtFreeVirtualMemory (+0x80)
[ b8 1e 00 00 00:e9 eb 6c 8b fc ]
7703f8a0-7703f8a4 5 bytes - ntdll!NtMapViewOfSection (+0xa0)
[ b8 28 00 00 00:e9 5b 77 8b fc ]
7703f8c0-7703f8c4 5 bytes - ntdll!NtUnmapViewOfSection (+0x20)
[ b8 2a 00 00 00:e9 cb 7b 8b fc ]
7703f9c0-7703f9c4 5 bytes - ntdll!NtWriteVirtualMemory (+0x100)
[ b8 3a 00 00 00:e9 bb 73 8b fc ]
7703fa10-7703fa14 5 bytes - ntdll!NtReadVirtualMemory (+0x50)
[ b8 3f 00 00 00:e9 ab 74 8b fc ]
7703fa70-7703fa74 5 bytes - ntdll!NtQueueApcThread (+0x60)
[ b8 45 00 00 00:e9 cb 7b 8b fc ]
7703fb20-7703fb24 5 bytes - ntdll!NtProtectVirtualMemory (+0xb0)
[ b8 50 00 00 00:e9 db 6a 8b fc ]
7703fd80-7703fd84 5 bytes - ntdll!NtAlpcConnectPort (+0x260)
[ b8 76 00 00 00:e9 ab 89 8b fc ]
77040e30-77040e34 5 bytes - ntdll!NtSetContextThread (+0x10b0)
[ b8 81 01 00 00:e9 eb 76 8b fc ]
77041290-77041294 5 bytes - ntdll!NtWaitForDebugEvent (+0x460)
[ b8 c7 01 00 00:e9 7b 00 8d fc ]
77041930-77041934 5 bytes - ntdll!KiUserApcDispatcher (+0x6a0)
[ 83 3d 98 77 0e:e9 2b 82 91 fc ]
65 errors : !ntdll (77030eb0-77041934)
PRODUCT_TYPE: 1
SUITE_MASK: 272
DUMP_FLAGS: c07
DUMP_TYPE: 3
APPLICATION_VERIFIER_LOADED: 1
ANALYSIS_SESSION_HOST: HW-WOP-113835
ANALYSIS_SESSION_TIME: 02-05-2020 10:01:43.0660
ANALYSIS_VERSION: 10.0.18362.1 x86fre
THREAD_ATTRIBUTES:
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
OS_LOCALE: ENG
BUGCHECK_STR: MEMORY_CORRUPTION_PATCH_AVRF
DEFAULT_BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION
PROBLEM_CLASSES:
ID: [0n98]
Type: [AVRF]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [0] : ntdll!DbgBreakPoint
ID: [0n209]
Type: [MEMORY_CORRUPTION]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [Unspecified]
ID: [0n157]
Type: [PATCH]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x4254]
TID: [0x445c]
Frame: [Unspecified]
LAST_CONTROL_TRANSFER: from 7707a0b9 to 77041900
STACK_TEXT:
00000000 00000000 memory_corruption!ntdll+0x0
STACK_COMMAND: ** Pseudo Context ** ManagedPseudo ** Value: 173e49f0 ** ; kb
THREAD_SHA1_HASH_MOD_FUNC: 646019e7612e819fc8aba56460d68e5912f8f117
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 70e2aeaf8a93e9fa2f653f0a0ed9deec52e32f7e
THREAD_SHA1_HASH_MOD: 7da7fbec386ce361a40d03d69a994bc4836f03e8
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: memory_corruption!ntdll
FOLLOWUP_NAME: MachineOwner
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF_memory_corruption!ntdll
FAILURE_EXCEPTION_CODE: 80000003
IMAGE_NAME: memory_corruption
FAILURE_IMAGE_NAME: memory_corruption
BUCKET_ID_IMAGE_STR: memory_corruption
MODULE_NAME: memory_corruption
FAILURE_MODULE_NAME: memory_corruption
BUCKET_ID_MODULE_STR: memory_corruption
FAILURE_FUNCTION_NAME: ntdll
BUCKET_ID_FUNCTION_STR: ntdll
BUCKET_ID_OFFSET: 0
BUCKET_ID_MODTIMEDATESTAMP: 0
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 0.0.0.0
BUCKET_ID_PREFIX_STR:
FAILURE_PROBLEM_CLASS: MEMORY_CORRUPTION
FAILURE_SYMBOL_NAME: memory_corruption!ntdll
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_PATCH_AVRF_80000003_memory_corruption!ntdll
TARGET_TIME: 2020-02-05T09:56:54.000Z
OSBUILD: 16299
OSSERVICEPACK: 1146
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-08-09 10:57:59
BUILDDATESTAMP_STR: 180808-1748
BUILDLAB_STR: rs3_release_svc
BUILDOSVER_STR: 10.0.16299.637.x86fre.rs3_release_svc.180808-1748
ANALYSIS_SESSION_ELAPSED_TIME: 1c133
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:memory_corruption_patch_avrf_80000003_memory_corruption!ntdll
FAILURE_ID_HASH: {fff25d61-b919-7e8b-df9e-56dec8271fe1}
Followup: MachineOwner
---------
This does not mean much to me; if anyone has expertise in how to interpret this, it would be much appreciated.
[Edit 18-02-2020: another dump and windbg output]
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Stuff\ManagementServiceGroup.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 14393 MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)
Machine Name:
Debug session time: Tue Feb 18 10:22:54.000 2020 (UTC + 0:00)
System Uptime: 0 days 0:41:07.933
Process Uptime: 0 days 0:40:15.000
...............................................................................................
For analysis of this file, run !analyze -v
eax=0000000d ebx=00000000 ecx=0014f96c edx=775d53d0 esi=00000001 edi=00000001
eip=775d53d0 esp=0014f96c ebp=0014fb00 iopl=0 nv up ei pl zr na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000247
ntdll!KiFastSystemCallRet:
775d53d0 c3 ret
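windbg's !handle provides a summary after displaying the individual handles.
The summary shows how many handles there are of each type.
Screenshot below
cmd.exe pid 5124 has 22 handles
The command below attaches windbg to the pid non-invasively, executes !handle, and quits.
gnuwin32 awk filters only the relevant data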
cdb -pv -c "!handle;q" -p 5124 | awk "/Handles/,/quit/"
Result
:\>cdb -pv -c "!handle;q" -p 5124 | awk "/Handles/,/quit/"
23 Handles
Type Count
Event 2
File 2
Directory 1
WindowStation 2
Key 10
Process 2
Thread 1
Desktop 1
ALPC Port 2
quit:
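
A single summary only shows the current mix of handle types; to see which type is leaking, capture the summary twice and compare the per-type counts. The following is an added example, not part of the original answer: it parses the `N Handles` / `Type Count` layout shown above, and the second snapshot's counts are constructed for illustration.

```python
import re

# Constructed samples: two `!handle` summaries captured some time apart.
# The first mirrors the answer's output; the second uses made-up counts.
SNAPSHOT_T0 = """\
23 Handles
Type            Count
Event           2
File            2
Directory       1
WindowStation   2
Key             10
Process         2
Thread          1
Desktop         1
ALPC Port       2
quit:
"""
SNAPSHOT_T1 = """\
61 Handles
Type            Count
Event           38
File            2
Directory       1
WindowStation   2
Key             10
Process         2
Thread          3
Desktop         1
ALPC Port       2
quit:
"""

TOTAL = re.compile(r"^\s*(\d+)\s+Handles\s*$")
HEADER = re.compile(r"^\s*Type\s+Count\s*$")
# Type names may contain spaces ("ALPC Port"), so the count is the last field.
ROW = re.compile(r"^\s*(?P<type>\S.*?)\s+(?P<count>\d+)\s*$")

def parse_handle_summary(text):
    """Return (total, {type: count}) from the summary part of `!handle` output."""
    total, counts, in_table = None, {}, False
    for line in text.splitlines():
        m = TOTAL.match(line)
        if m:
            total = int(m.group(1))
        elif HEADER.match(line):
            in_table = True
        elif in_table:
            m = ROW.match(line)
            if not m:  # first non-row line (e.g. "quit:") ends the table
                break
            counts[m.group("type")] = int(m.group("count"))
    if total is None:
        raise ValueError("no 'N Handles' line found")
    return total, counts

def growing_types(before, after, min_growth=1):
    """List (type, before, after, delta) for types that grew, largest first."""
    _, old = parse_handle_summary(before)
    _, new = parse_handle_summary(after)
    rows = [(t, old.get(t, 0), n, n - old.get(t, 0)) for t, n in new.items()]
    return sorted((r for r in rows if r[3] >= min_growth),
                  key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for name, old, new, delta in growing_types(SNAPSHOT_T0, SNAPSHOT_T1):
        print(f"{name:<15} {old:>4} -> {new:>4}  (+{delta})")
```

A type whose count only ever rises between snapshots (Event in the constructed data) is the one to trace back to its creating call and the missing `CloseHandle`.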