Question
The problem exists at 017D0B5F call eax:
017D0B56 mov esi,esp
017D0B58 mov edx,dword ptr [ebp-20h]
017D0B5B push edx
017D0B5C mov eax,dword ptr [ecx+8]
017D0B5F call eax
017D0B61 cmp esi,esp
017D0B63 call @ILT+2525(__RTC_CheckEsp) (17C49E2h)
017D0B68 cmp dword ptr [ebp-2Ch],0
017D0B6C je CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah)
017D0B6E mov eax,dword ptr [ebp-2Ch]
017D0B71 push eax
017D0B72 push offset string "Deliver() returned %08x; stoppin"... (17F7278h)
Here's the corresponding source:
    // Virtual function user will override.
    hr = FillBuffer(pSample);
    if (hr == S_OK) {
        hr = Deliver(pSample);
        pSample->Release();
        // downstream filter returns S_FALSE if it wants us to
        // stop or an error if it's reporting an error.
        if(hr != S_OK)
        {
            DbgLog((LOG_TRACE, 2, TEXT("Deliver() returned %08x; stopping"), hr));
            return S_OK;
        }
Is it possible to infer which line in source has the problem according to disassembly?
UPDATE
What does __RTC_CheckEsp mean?
UPDATE2
Reproducing in debugger
UPDATE3
Answer 1:
Looks like it is the pSample->Release() call - what error do you get?
017D0B56 mov esi,esp
017D0B58 mov edx,dword ptr [ebp-20h] // get the pSample this pointer
017D0B5B push edx // push it
017D0B5C mov eax,dword ptr [ecx+8] // move pSample to eax
017D0B5F call eax // call it
017D0B61 cmp esi,esp // maybe a stack/heap check?
017D0B63 call @ILT+2525(__RTC_CheckEsp) (17C49E2h)
017D0B68 cmp dword ptr [ebp-2Ch],0 // if hr!=S_OK
017D0B6C je CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah)
017D0B6E mov eax,dword ptr [ebp-2Ch]
017D0B71 push eax // get ready to call DbgLog
017D0B72 push offset string "Deliver() returned %08x; stoppin"... (17F7278h)
Answer 2:
You can use the DIA SDK to query what line of source corresponds to an RVA. Note that DIA requires the symbols (i.e. PDB files). Look at this SO question on RVAs.
After you have determined the RVA for the disassembly in question you can load the PDB for that binary. Create a session and then look at the findLinesByRVA() function on the IDiaSession interface. This will return you an enumeration of lines that correspond to that RVA. Query the resulting IDiaLineNumber instances for what file the line number corresponds to.
Responding to your update, __RTC_CheckEsp is a call that verifies the correctness of the esp, stack, register. It is called to ensure that the value of the esp was saved across a function call. It is something that the compiler inserts for you.
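As an added example (not code from the question or from either answer), the address arithmetic behind the lookup Answer 2 describes, in Python: convert the debugger's VA to an RVA, then find the line record whose range covers it. The line table is constructed to stand in for what IDiaSession::findLinesByRVA would return from the real PDB; the image base, range lengths and snippet-relative line numbers are assumptions, and the return-address adjustment is the general rule for addresses taken from a stack walk rather than from EIP.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed load address of the module that contains the listed code.
IMAGE_BASE = 0x01700000

@dataclass(frozen=True)
class LineRecord:
    rva: int      # first code byte of the statement's range (image-relative)
    length: int   # number of code bytes the statement compiled to
    line: int     # source line, counted within the snippet in the question

# Constructed stand-in for what IDiaSession::findLinesByRVA returns; ranges
# follow the address deltas in the listing. The __RTC_CheckEsp sequence
# after `call eax` is attributed to the same statement as the call.
LINE_TABLE: List[LineRecord] = [
    LineRecord(0x017D0B56 - IMAGE_BASE, 0x12, 5),   # pSample->Release();
    LineRecord(0x017D0B68 - IMAGE_BASE, 0x06, 8),   # if(hr != S_OK)
    LineRecord(0x017D0B6E - IMAGE_BASE, 0x20, 10),  # DbgLog(...); length assumed
]

def va_to_rva(va: int, image_base: int = IMAGE_BASE) -> int:
    """PDB line tables are keyed on RVAs, not on the addresses the debugger shows."""
    if va < image_base:
        raise ValueError(f"{va:#010x} is below the image base {image_base:#010x}")
    return va - image_base

def find_line_by_rva(rva: int, table: List[LineRecord]) -> Optional[LineRecord]:
    """Record whose half-open range [rva, rva + length) covers the RVA, if any."""
    for rec in table:
        if rec.rva <= rva < rec.rva + rec.length:
            return rec
    return None

def line_for_address(va: int, is_return_address: bool = False,
                     table: List[LineRecord] = LINE_TABLE) -> Optional[int]:
    """Source line for an address taken from a listing (EIP) or a stack walk.

    A return address points at the instruction after the call, which may be
    the first byte of the next statement; backing up one byte keeps the lookup
    inside the statement that issued the call.
    """
    rva = va_to_rva(va)
    if is_return_address:
        rva -= 1
    rec = find_line_by_rva(rva, table)
    return rec.line if rec else None
```

With the constructed table, 017D0B5F resolves to the pSample->Release() statement, matching Answer 1's reading of the listing.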
Source: https://stackoverflow.com/questions/3898905/is-it-possible-to-infer-which-line-in-source-has-the-problem-according-to-disass