Martin Schreiber <mse00...@gmail.com>
писал(а) в своём письме Fri, 22 Jun 2012 11:08:16 +0500:
> Martin Schreiber wrote:
>
>> As I feared, gdb can not unwind the stack. Not it becomes difficult...
>
>
MSEIDE runs GDB within:
Threads by ProcExplorer:
MSEIDE:
id=2028, Wait:Executive => Seems to be the main thread
ntoskrnl.exe+0x47f3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!RtlRemoveUnicodePrefix+0x991
ntoskrnl.exe!IoCheckFunctionAccess+0x77dd
ntoskrnl.exe!RtlAddAtomToAtomTable+0x3f3
ntoskrnl.exe!RtlAddAtomToAtomTable+0x59b
ntoskrnl.exe!RtlAddAtomToAtomTable+0x60c
ntoskrnl.exe!NtClose+0x1d
PROCMON20.SYS+0x4871
ntoskrnl.exe!ZwYieldExecution+0xb78
ntdll.dll!KiFastSystemCallRet
kernel32.dll!FindFirstFileW+0x16
mseide.exe+0x10cf19
mseide.exe+0x118e0b
mseide.exe+0x116987
mseide.exe+0x128e28
mseide.exe+0x1e114b
mseide.exe+0x242c9d
mseide.exe+0x2429e9
mseide.exe+0x40492
mseide.exe+0x5f807
mseide.exe+0x5fdea
mseide.exe+0x3d9cb
mseide.exe+0x1375e5
mseide.exe+0x161da9
mseide.exe+0x979bd
mseide.exe+0x99b54
mseide.exe+0x2560c
mseide.exe+0xe8284
mseide.exe+0x2560c
mseide.exe+0xe8284
mseide.exe+0x17eea7
mseide.exe+0x2560c
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x17eea7
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x17eea7
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x17eea7
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x256a3
mseide.exe+0xe8284
mseide.exe+0x24dd1
mseide.exe+0x2c062
mseide.exe+0x2fac8
mseide.exe+0x312ed
mseide.exe+0x32747
mseide.exe+0x1302f5
mseide.exe+0x26d7
mseide.exe+0x11481
id=1928. Wait: Executive
ntoskrnl.exe!ExReleaseResourceLite+0x1a3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!PsCreateSystemThread+0x136
ntoskrnl.exe!NtNotifyChangeDirectoryFile+0x182
ntoskrnl.exe!ZwYieldExecution+0xb78
ntdll.dll!KiFastSystemCallRet
mseide.exe+0x26ff19
mseide.exe+0x12c303
mseide.exe+0x10bb01
mseide.exe+0xf3d2
kernel32.dll!GetModuleFileNameA+0x1ba
id=3432, Wait:Executive === ACTIVE ON INTERRUPTION
ntoskrnl.exe!ExReleaseResourceLite+0x1a3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!PsCreateSystemThread+0x136
ntoskrnl.exe!FsRtlIncrementCcFastReadWait+0xd1
ntoskrnl.exe!ZwYieldExecution+0xb78
ntdll.dll!KiFastSystemCallRet
mseide.exe+0x10b2bb
mseide.exe+0x147f29
mseide.exe+0x12c303
mseide.exe+0x10bb01
mseide.exe+0xf3d2
kernel32.dll!GetModuleFileNameA+0x1ba
GDB
id=4084, Wait:UserRequest
ntoskrnl.exe+0x47f3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!ProbeForWrite+0x4eb
ntoskrnl.exe!ZwYieldExecution+0xb78
ntdll.dll!KiFastSystemCallRet
kernel32.dll!WaitForMultipleObjects+0x18
gdb.exe+0x20a1c
id=1196, Ready
ntoskrnl.exe!ExReleaseResourceLite+0x1a3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!NtWaitForSingleObject+0x94
ntoskrnl.exe!ZwYieldExecution+0xb78
ntdll.dll!KiFastSystemCallRet
kernel32.dll!WaitForSingleObject+0x12
gdb.exe+0xf283b
id=3448, Wait: Executive, created on interruption, suspends other threads
ntoskrnl.exe+0x47f3
ntoskrnl.exe!PsGetContextThread+0x329
ntoskrnl.exe!FsRtlInitializeFileLock+0x83f
ntoskrnl.exe!FsRtlInitializeFileLock+0x87e
ntoskrnl.exe!LsaDeregisterLogonProcess+0xf8fa
ntoskrnl.exe!LsaDeregisterLogonProcess+0x10a6a
ntoskrnl.exe!RtlQueryRegistryValues+0x116e7
ntoskrnl.exe!strnicmp+0x2aa
ntoskrnl.exe!Kei386EoiHelper+0x1d9
ntdll.dll!DbgBreakPoint+0x1
---------------------------------------
Thread state by MSEide:
#0 3448 unknown 0x7c90120f in ?? () => created on External intteruption
The stack:
#0 7C90120F :0 ??()
#1 7C80B729 :0 ??()
#2 00000000 :0 ??()
#1 3432 *active* 0x7c90e514 in ?? () == ACTIVE WHEN INTERRUPTION
The stack:
#0 7C90E514 :0 ??()
#1 7C90D9DA :0 ??()
#2 0050B2BB msesysintf.pas:356 SYS_READ(FD=1744, BUF=0x6480d00,
NBYTES=2048)
#3 00547F29 msepipestream.pas:440
TPIPEREADER__EXECTHREAD(THREAD=0x11d330, this=<error reading variable>)
#4 0052C303 msethread.pas:318
TMSETHREAD__INTERNALTHREADPROC(this=<error reading variable>)
#5 0050BB01 msesysintf.pas:609 THREADEXEC(INFOPO=0x11d334)
#6 0040F3D2 msesysintf.pas:0 SYSTEM_THREADMAIN$POINTER$$LONGINT()
#7 7C80B729 msesysintf.pas:0 ??()
#8 00000000 msesysintf.pas:0 ??()
#2 1928 unknown 0x7c90e514 in ?? ()
The stack:
#0 7C90E514 :0 ??()
#1 7C90D54A :0 ??()
#2 0066FF19 :0
MSEFILECHANGE_TDIRCHANGETHREAD_$__EXECUTE$TMSETHREAD$$LONGINT()
#3 0052C303 msethread.pas:318
TMSETHREAD__INTERNALTHREADPROC(this=<error reading variable>)
#4 0050BB01 msesysintf.pas:609 THREADEXEC(INFOPO=0x6467bac)
#5 0040F3D2 msesysintf.pas:0 SYSTEM_THREADMAIN$POINTER$$LONGINT()
#6 7C80B729 msesysintf.pas:0 ??()
#7 00000000 msesysintf.pas:0 ??()
#3 2028 unknown 0x7c90e514 in ?? ()
The stack:
#0 7C90E514 :0 ??()
#1 7C90CFFA :0 ??()
#2 7C80EF97 :0 ??()
#3 0050CF19 msesysintf.pas:1425 SYS_GETFILEINFO(PATH=0x9fbc0
'/D:/GITROOT/podpiska/readcert.pas.$$$1924', INFO={NAME = 0x0, STATE = [],
EXTINFO1 = {FILETYPE = FT_UNKNOWN, ATTRIBUTES = [], SIZE = 0, MODTIME =
0, ACCESSTIME = 0, CTIME = 0}, EXTINFO2 = {ID = 0, OWNER = 0, GROUP = 0}})
#4 00518E0B msefileutils.pas:1034 FINDFILE(FILENAME=0x9fbc0
'/D:/GITROOT/podpiska/readcert.pas.$$$1924')
#5 00516987 msefileutils.pas:283 INTERMEDIATEFILENAME(ANAME=0x93098
'/D:/GITROOT/podpiska/readcert.pas', result=0x0)
#6 00528E28 msestream.pas:998
TMSEFILESTREAM__CREATETRANSACTION(AFILENAME=0x93098
'/D:/GITROOT/podpiska/readcert.pas', RIGHTS=[S_IRUSR..S_IWUSR,
S_IRGRP..S_IWGRP, S_IROTH..S_IWOTH], vmt=0x7d5790, this=<error reading
variable>)
#7 005E114B msestream.pas:0
MSETEXTEDIT_TCUSTOMTEXTEDIT_$__SAVETOFILE$UNICODESTRING()
#8 00642C9D msestream.pas:0
SOURCEPAGE_TSOURCEPAGE_$__SAVE$UNICODESTRING()
#9 006429E9 msestream.pas:0
SOURCEPAGE_TSOURCEPAGE_$__CHECKSAVE$BOOLEAN$BOOLEAN$$MODALRESULTTY()
#10 00440492 msestream.pas:0
SOURCEFORM_TSOURCEFO_$__SAVEALL$BOOLEAN$$MODALRESULTTY()
#11 0045F807 msestream.pas:0 MAIN_TMAINFO_$__DOMAKE$LONGINT()
#12 0045FDEA msestream.pas:0
MAIN_TMAINFO_$__CHECKREMAKE$STARTCOMMANDTY$$BOOLEAN()
#13 0043D9CB msestream.pas:0
ACTIONSMODULE_TACTIONSMO_$__CONTINUEACTONEXECUTE$TOBJECT()
#14 005375E5 mseact.pas:377 DOACTIONEXECUTE1(SENDER=0xf3488,
INFO={ACTION = 0x7d200, CAPTIONTEXT = 0x72858 '&Continue', CAPTION1 =
{TEXT = 0x645a4a8 'Continue', FORMAT = 0x92008, FLAGS = []}, STATE = [],
OPTIONS = [], SHORTCUT = 0x77380, SHORTCUT1 = 0x0, GROUP = 0, IMAGENR = 4,
IMAGENRDISABLED = 17, COLORGLYPH = 2147483649, COLOR = 2147483649,
IMAGECHECKEDOFFSET = 0, IMAGELIST = 0xf2ee8, HINT = 0x72878 'Continue',
TAG = 0, TAGPOINTER = 0x0, ONEXECUTE = 0x43d9b0
<ACTIONSMODULE_TACTIONSMO_$__CONTINUEACTONEXECUTE$TOBJECT>,
ONBEFOREEXECUTE = 0}, CHANGED=false, NOCHECKBOX=false, NOCANDEFOCUS=false,
BEFOREEXECUTE=0)
#15 00561DA9 mseactions.pas:1079 DOACTIONSHORTCUT(SENDER=0xf3488,
INFO={ACTION = 0x7d200, CAPTIONTEXT = 0x72858 '&Continue', CAPTION1 =
{TEXT = 0x645a4a8 'Continue', FORMAT = 0x92008, FLAGS = []}, STATE = [],
OPTIONS = [], SHORTCUT = 0x77380, SHORTCUT1 = 0x0, GROUP = 0, IMAGENR = 4,
IMAGENRDISABLED = 17, COLORGLYPH = 2147483649, COLOR = 2147483649,
IMAGECHECKEDOFFSET = 0, IMAGELIST = 0xf2ee8, HINT = 0x72878 'Continue',
TAG = 0, TAGPOINTER = 0x0, ONEXECUTE = 0x43d9b0
<ACTIONSMODULE_TACTIONSMO_$__CONTINUEACTONEXECUTE$TOBJECT>,
ONBEFOREEXECUTE = 0}, KEYINFO={EVENTKIND = EK_KEYPRESS, KEY = KEY_F9,
KEYNOMOD = KEY_F9, CHARS = 0x0, SHIFTSTATE = [], EVENTSTATE =
[ES_PROCESSED], TIMESTAMP = 425515000})
[.........]
PS:
Should Me reinstall my system or we'll continue the investigations ?
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mseide-msegui-talk mailing list
mseide-msegui-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mseide-msegui-talk
