Getting crash when calling CallWindowProc() function in Migration from VS6.0 to VS2015

  • Thread starter: Ramanji Keerthi (Guest)

Hi,

I am working on migrating a Win32 application from VC++ 6.0 to VS2015. The code compiled properly, but we are getting a crash when pressing a button on the client machine, though not on developer machines. I analysed the crash dump through WinDbg and saw that the crash is happening in the code below, at CallWindowProc(). It seems we are setting a user-defined window processor on the controls instead of the default window processors through the code below.


/* Subclass the time edit control: save its current window procedure,
   then install TimeEditProc in its place. */
extern FARPROC lpfnOldTimeEditProc;
extern FARPROC lpfnTimeEditProc;

lpfnTimeEditProc = MakeProcInstance((FARPROC) TimeEditProc, hInst);
lpfnOldTimeEditProc = (FARPROC) GetWindowLong(sTaskInfo[IDC_TIME_EDIT_ID].hWnd, GWL_WNDPROC);
SetWindowLong(sTaskInfo[IDC_TIME_EDIT_ID].hWnd, GWL_WNDPROC, (LONG) lpfnTimeEditProc);

/* In TimeEditProc: forward the message to the saved window procedure. */
return (CallWindowProc((WNDPROC) lpfnOldTimeEditProc,
                       hWnd,
                       message,
                       wParam,
                       lParam));


Please let me know if anyone has faced a crash issue with the above code.

I analysed the above issue in WinDbg; below is the call stack. Please see it.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\NTNSECM\NEATCMCrash_1531401461.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

WARNING: Minidump contains unknown stream type 0x15
WARNING: Minidump contains unknown stream type 0x16
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;E:\NTNSECM
Executable search path is:
Windows 7 Version 16299 MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Thu Jul 12 18:47:42.000 2018 (GMT+5)
System Uptime: not available
Process Uptime: 0 days 0:00:10.000
................................................................
.......
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(2b38.3e0c): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=0db01008 ecx=0000f5c4 edx=00000001 esi=000002cc edi=0db00ff8
eip=77cff62c esp=0535d264 ebp=0535d270 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ntdll!ZwGetContextThread+0xc:
77cff62c c20800 ret 8
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** WARNING: Unable to verify checksum for trader.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for diCrPKI_3_5_0_0_seclore.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for diCryptoSys_2_1_0_0_seclore.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for xerces-c_2_8_0_vc8_0_seclore.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmtfs-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmrdm-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmbase-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmpsp-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for RDMHA-12.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmhttp-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmenc-12.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdmtransport-12.dll -
*** ERROR: Module load completed but symbols could not be loaded for QIPCAP.dll
*** ERROR: Module load completed but symbols could not be loaded for FSDCCommon.dll
Failed calling InternetOpenUrl, GLE=12002

FAULTING_IP:
user32!EditWndProc+317
74a8e677 8901 mov dword ptr [ecx],eax

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 74a8e677 (user32!EditWndProc+0x00000317)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 0000f5c4
Attempt to write to address 0000f5c4

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: trader.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_PARAMETER1: 00000001

EXCEPTION_PARAMETER2: 0000f5c4

WRITE_ADDRESS: 0000f5c4

FOLLOWUP_IP:
trader!TimeEditProc+a60 [e:\ws_rkeerthi\neat\cm\tws-cws\cm_fe_tcs\tws\code\sources\timeedit.c @ 892]
01189400 eb04 jmp trader!TimeEditProc+0xa66 (01189406)

FAULTING_THREAD: 00003e0c

PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ

BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_INVALID_POINTER_WRITE

LAST_CONTROL_TRANSFER: from 74a9a617 to 74a8e677

STACK_TEXT:
0535f18c 74a9a617 07e9a650 00000000 000000b0 user32!EditWndProc+0x317
0535f1c0 74abc366 07e9a650 00000000 000000b0 user32!EditWndProcWorker+0x77
0535f1f4 74a9e0bb 0016203c 000000b0 0000f5c4 user32!EditWndProcA+0x56
0535f220 74aa8849 77d19310 0016203c 000000b0 user32!_InternalCallWinProc+0x2b
0535f244 74aab145 000000b0 0000f5c4 0535f5c0 user32!InternalCallWinProc+0x20
0535f314 74aa833a 77d19310 00000000 000000b0 user32!UserCallWinProcCheckWow+0x1be
0535f35c 74a8f38b 000000b0 0000f5c4 0535f5c0 user32!CallWindowProcAorW+0xd4
0535f374 01189400 77d19310 0016203c 000000b0 user32!CallWindowProcA+0x1b
0535f3ec 74a9e0bb 0016203c 000000b0 0535f5c4 trader!TimeEditProc+0xa60 [e:\ws_rkeerthi\neat\cm\tws-cws\cm_fe_tcs\tws\code\sources\timeedit.c @ 892]
0535f418 74aa8849 00f7d7d6 0016203c 000000b0 user32!_InternalCallWinProc+0x2b
0535f43c 74aab145 000000b0 0535f5c4 0535f5c0 user32!InternalCallWinProc+0x20
0535f50c 74aaa89c 00f7d7d6 00000000 000000b0 user32!UserCallWinProcCheckWow+0x1be
0535f578 74a8b95b 07e9a650 00000000 0535f5c0 user32!SendMessageWorker+0x6ff
0535f5a0 772c0ff2 0016203c 000000b0 0535f5c4 user32!SendMessageW+0x5b
0535f5cc 772c087a 076ada54 0766a210 076ada10 msctf!CBackingStoreWin32::_GetTextState+0x52
0535f5f4 772bfacb 0535f678 772b116c 07664778 msctf!CBackingStore::Create+0x7a
0535f614 77305007 0766a210 772ba440 0535f650 msctf!CBStoreHolderWin32::QueryInterface+0x14b
0535f65c 77304e20 0535f678 07662958 00000000 msctf!CInputContext::_GetBackingStoreContext+0xab
0535f684 772e7940 00000001 00000000 68a31fb6 msctf!CInputContext::OnFocusChange+0x52
0535f738 772e8767 07647ca0 00000001 00000001 msctf!CThreadInputMgr::_SetFocus+0x510
0535fc58 772ec175 80000002 0016203c 80000002 msctf!CThreadInputMgr::OnInputFocusEvent+0x2d7
0535fcb4 74a9a91c 09bc0689 80000002 0016203c msctf!WinEventProc+0x135
0535fcf8 77d00bcd 0535fd14 00000020 0535fe5c user32!__ClientCallWinEventProc+0x4c
0535fd30 74db29ec 74ae0c2f 0535fe04 00000000 ntdll!KiUserCallbackDispatcher+0x4d
0535fd34 74ae0c2f 0535fe04 00000000 00000000 win32u!NtUserPeekMessage+0xc
0535fd64 74a89719 00000000 00000000 00000000 user32!_PeekMessage+0xcf
0535fd94 00fdfde8 0535fe04 00000000 00000000 user32!PeekMessageA+0x219
0535fe20 011e74ab 00e10000 00000000 075f3f40 trader!WinMain+0x88 [e:\ws_rkeerthi\neat\cm\tws-cws\cm_fe_tcs\tws\code\sources\crack.c @ 897]
0535fe6c 77bd8654 0516f000 77bd8630 dc219e9c trader!__scrt_common_main_seh+0xfd [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 264]
0535fe80 77cf4a77 0516f000 54ec06e4 00000000 kernel32!BaseThreadInitThunk+0x24
0535fec8 77cf4a47 ffffffff 77d19f28 00000000 ntdll!__RtlUserThreadStart+0x2f
0535fed8 00000000 00f7c61a 0516f000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND: ~0s; .ecxr ; kb

FAULTING_SOURCE_CODE:
888: }
889: }
890: // return (CallWindowProc (lpfnOldTimeEditProc,//abira changed for vs_migration15 artf587193 for warning removal
891: if(lpfnOldTimeEditProc != NULL)
> 892: return (CallWindowProc (lpfnOldTimeEditProc,
893: hWnd,
894: message,
895: wParam,
896: lParam));
897: else


SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: trader!TimeEditProc+a60

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: trader

IMAGE_NAME: trader.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5b4753e9

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_trader.exe!TimeEditProc

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_INVALID_POINTER_WRITE_trader!TimeEditProc+a60

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOn...125/b8f77b3a/c0000005/0000e677.htm?Retriage=1

Followup: MachineOwner
---------


Regards,
RKeerthi.
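
Added example, not part of the original post: a small Python check over four frames copied from the STACK_TEXT above. It compares the wParam that trader!TimeEditProc received with the one that reached user32!EditWndProcA for the same hWnd and message (0xB0, EM_GETSEL). The function names are hypothetical, and it assumes the three argument columns of both frames are hWnd, message and wParam.

```python
import re

# Frames copied from the STACK_TEXT above (source path suffix dropped).
# Columns: ChildEBP RetAddr Arg1 Arg2 Arg3 Symbol+offset
STACK_TEXT = """\
0535f1f4 74a9e0bb 0016203c 000000b0 0000f5c4 user32!EditWndProcA+0x56
0535f374 01189400 77d19310 0016203c 000000b0 user32!CallWindowProcA+0x1b
0535f3ec 74a9e0bb 0016203c 000000b0 0535f5c4 trader!TimeEditProc+0xa60
0535f5a0 772c0ff2 0016203c 000000b0 0535f5c4 user32!SendMessageW+0x5b
"""
WRITE_ADDRESS = 0x0000F5C4  # WRITE_ADDRESS from the !analyze -v output above
EM_GETSEL = 0x00B0          # wParam/lParam point to DWORDs that receive the selection

FRAME = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) "
                   r"([0-9a-f]{8}) ([0-9a-f]{8}) (\S+?)\+", re.I)


def parse_frames(text):
    """Return (symbol, [arg1, arg2, arg3]) for each kb-style frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append((m.group(6), [int(a, 16) for a in m.groups()[2:5]]))
    return frames


def find_truncated_wparam(frames, outer_sym, inner_sym):
    """Compare two frames assumed to be WNDPROC-shaped (hWnd, message, wParam).

    Returns a dict when the same message was forwarded with only the low
    16 bits of wParam, otherwise None.
    """
    by_name = dict(frames)
    o_hwnd, o_msg, o_wp = by_name[outer_sym]
    i_hwnd, i_msg, i_wp = by_name[inner_sym]
    if (o_hwnd, o_msg) != (i_hwnd, i_msg):
        return None  # different window or message: frames are not comparable
    if i_wp != o_wp and i_wp == (o_wp & 0xFFFF):
        return {"message": o_msg, "received": o_wp, "forwarded": i_wp}
    return None


if __name__ == "__main__":
    hit = find_truncated_wparam(parse_frames(STACK_TEXT),
                                "trader!TimeEditProc", "user32!EditWndProcA")
    if hit:
        print("msg 0x%04x: wParam 0x%08x forwarded as 0x%08x (write address 0x%08x)"
              % (hit["message"], hit["received"], hit["forwarded"], WRITE_ADDRESS))
```

On these frames the check reports that wParam arrived as 0x0535f5c4 and was forwarded as 0x0000f5c4, which is the WRITE_ADDRESS in the dump. WPARAM was a 16-bit WORD in Win16 and is pointer-sized in Win32, and for EM_GETSEL the edit control writes through whatever non-NULL wParam it is handed.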

