
Locating Release-build crashes on Windows

Posted: 2016-05-13 15:11:33    Reads: 574    Comments: 0


1. MAP files

What is a MAP file? Put simply, a MAP file is the only plain-text representation of a program's global symbols, source files and source line numbers. It can be used anywhere, at any time, with no additional program required. It is also the one lifeline for finding the place where a program crashed.

2. Generating a MAP file

(1) VC6.0: press Alt+F7 to open the "Project Settings" dialog, select the C/C++ tab and type /Zd into the Project Options box at the bottom; then select the Link tab and type /mapinfo:lines and /map:PROJECT_NAME.map into its Project Options box. Finally press F7 to build the EXE and the MAP file.
Whether "Line Numbers Only" is checked makes no difference; what matters is entering /mapinfo:lines in Project Options.

/Zi —  generate PDB debug information;
/MAP[:filename] —  generate a map file with the given name;
/MAPINFO:EXPORTS —  include exported functions in the map file (when building a DLL);
/MAPINFO:LINES —  include source line-number information in the map file.

(2) VS2010: first configure VC2010 to generate the MAP and COD files:
1) .map file: Property Pages -> Configuration Properties -> Linker -> Debugging, set Generate Map File to Yes (/MAP);

3. Code example

#include <stdio.h>
#include "kdvtype.h"   /* project header that typedefs s8 as a signed 8-bit integer */

void Crash(void)
{
  s8 i = 1;

  s8 j = 1;
  i /= (j-1);          /* deliberate integer division by zero: source line 9 */
}

int main(void)
{
   Crash();
   return 0;
}

Crash address: 0x0040101a

4. The MAP file

 crash       // module name

 Timestamp is 57342463 (Thu May 12 14:36:19 2016)        // timestamp

 Preferred load address is 00400000    // default load base address

// start address, length, name and class of each section
 Start         Length     Name                   Class
 0001:00000000 00004152H .text                   CODE
 0002:00000000 000000a0H .idata$5                DATA
 0002:000000a0 000003b4H .rdata                  DATA
 0002:00000454 00000014H .idata$2                DATA
 0002:00000468 00000014H .idata$3                DATA
 0002:0000047c 000000a0H .idata$4                DATA
 0002:0000051c 000002b8H .idata$6                DATA
 0002:000007d4 00000000H .edata                  DATA
 0003:00000000 00000004H .CRT$XCA                DATA
 0003:00000004 00000004H .CRT$XCZ                DATA
 0003:00000008 00000004H .CRT$XIA                DATA
 0003:0000000c 00000004H .CRT$XIC                DATA
 0003:00000010 00000004H .CRT$XIZ                DATA
 0003:00000014 00000004H .CRT$XPA                DATA
 0003:00000018 00000004H .CRT$XPZ                DATA
 0003:0000001c 00000004H .CRT$XTA                DATA
 0003:00000020 00000004H .CRT$XTZ                DATA
 0003:00000030 00002490H .data                   DATA
 0003:000024c0 0000051cH .bss                    DATA

// each symbol's offset within its section, its load address and the object it comes from
  Address         Publics by Value              Rva+Base     Lib:Object

 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000023       _main                      00401023 f   crash.obj

 entry point at        0001:0000002f      // module entry point


// line-number information
Line numbers for .\Release\crash.obj(E:\OspDemo小程序\crash\crash.cpp) segment .text    

     5 0001:00000000     6 0001:00000006     8 0001:0000000a     9 0001:0000000e
    10 0001:0000001f    13 0001:00000023    14 0001:00000026    15 0001:0000002b
    16 0001:0000002d

Analysis:
1. Crash address (absolute). From the Rva+Base column of the MAP file we can see that the crash address 0x0040101a lies between Crash (00401000) and main (00401023). The crash must therefore be inside the Crash function, but which line is not yet clear.
Here, Address is the function's offset within its section.
2. The last part of the MAP file, the line-number information (Line numbers), is shown in this form:

10 0001:0000001f

The first number is the line number in the source file; the second is that line's offset within the code segment it belongs to.
To find the line number, do a little hexadecimal subtraction with the following formula:

crash line offset = crash address (Crash Address) - base address (ImageBase Address) - code-section offset of the PE file (0x1000 here)

For this example: crash line offset = 0x0040101a - 0x00401000 = 0x1a;
which falls between 9 0001:0000000e and 10 0001:0000001f. Looking at the source again confirms that the crash is on line 9, i.e. i /= (j-1). That completes the Release-build crash localization.
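The MAP walk in steps 1 and 2 above, as an added Python example that is not part of the original article: it parses the symbol rows and the line-number block and maps an absolute crash address to the function and source line. It goes slightly beyond the formula above by deriving each segment's load address from the symbol rows (Rva+Base minus the section offset) instead of assuming .text starts at image base + 0x1000, so it also works for a MAP whose code section sits elsewhere. SAMPLE_MAP is a constructed excerpt of the listing above.

```python
import re
from bisect import bisect_right

# Constructed excerpt of the VC6 crash.map listed above (/MAP with /MAPINFO:LINES).
# Only the rows needed for the walk-through are kept; a real map has hundreds more.
SAMPLE_MAP = r"""
 crash

 Preferred load address is 00400000

 Start         Length     Name                   Class
 0001:00000000 00004152H .text                   CODE
 0002:00000000 000000a0H .idata$5                DATA

  Address         Publics by Value              Rva+Base     Lib:Object

 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000023       _main                      00401023 f   crash.obj
 0001:0000002f       _mainCRTStartup            0040102f f   LIBC:crt0.obj
 0002:00000000       __imp__GetCommandLineA@0   00406000     kernel32:KERNEL32.dll

 entry point at        0001:0000002f

Line numbers for .\Release\crash.obj(E:\OspDemo小程序\crash\crash.cpp) segment .text

     5 0001:00000000     6 0001:00000006     8 0001:0000000a     9 0001:0000000e
    10 0001:0000001f    13 0001:00000023    14 0001:00000026    15 0001:0000002b
    16 0001:0000002d
"""

# A public/static symbol row: "seg:offset  name  rva+base  [f]  lib:object"
SYMBOL_RE = re.compile(
    r"^\s*([0-9a-f]{4}):([0-9a-f]{8})\s+(\S+)\s+([0-9a-f]{8})\s+(?:f\s+)?\S+\s*$", re.I)
# One "lineno seg:offset" pair in the "Line numbers for ..." block (several per row)
LINE_PAIR_RE = re.compile(r"(\d+)\s+([0-9a-f]{4}):([0-9a-f]{8})", re.I)


def parse_map(text):
    """Return (symbols, lines): symbols[seg] = sorted [(offset, name, rva_base)],
    lines[seg] = sorted [(offset, source_line)]."""
    symbols, lines, in_lines = {}, {}, False
    for row in text.splitlines():
        stripped = row.strip()
        if stripped.startswith("Line numbers for"):
            in_lines = True            # line pairs follow until the next header
            continue
        if "Publics by Value" in stripped or stripped.startswith("Static symbols"):
            in_lines = False
            continue
        if in_lines:
            for lineno, seg, off in LINE_PAIR_RE.findall(row):
                lines.setdefault(int(seg, 16), []).append((int(off, 16), int(lineno)))
            continue
        m = SYMBOL_RE.match(row)
        if m and int(m.group(1), 16) != 0:   # seg 0000 holds <absolute> pseudo-symbols
            seg, off, name, rva = m.groups()
            symbols.setdefault(int(seg, 16), []).append((int(off, 16), name, int(rva, 16)))
    for table in (symbols, lines):
        for rows in table.values():
            rows.sort()
    return symbols, lines


def locate(map_text, crash_addr):
    """Map an absolute crash address to (function, offset_in_function, source_line).

    The segment base is taken from the symbol rows (Rva+Base minus section offset)
    instead of assuming .text sits at image base + 0x1000, so the same walk works
    for a MAP whose code section is elsewhere.  source_line is None when the
    line-number block does not cover the function (e.g. CRT code from LIBC).
    """
    symbols, lines = parse_map(map_text)
    seg_base = {seg: rows[0][2] - rows[0][0] for seg, rows in symbols.items()}
    candidates = [(base, seg) for seg, base in seg_base.items() if base <= crash_addr]
    if not candidates:
        return None
    base, seg = max(candidates)
    offset = crash_addr - base                 # 0x0040101a - 0x00401000 = 0x1a
    sym_rows = symbols[seg]
    i = bisect_right([r[0] for r in sym_rows], offset) - 1
    if i < 0:
        return None
    func_off, func_name, _ = sym_rows[i]       # last symbol starting at or before the crash
    line_rows = lines.get(seg, [])
    j = bisect_right([r[0] for r in line_rows], offset) - 1
    source_line = None
    # Accept the line entry only if it lies inside this function; an entry that
    # starts before the function belongs to a different object file.
    if j >= 0 and line_rows[j][0] >= func_off:
        source_line = line_rows[j][1]
    return func_name, offset - func_off, source_line


if __name__ == "__main__":
    print(locate(SAMPLE_MAP, 0x0040101A))      # ('?Crash@@YAXXZ', 26, 9)
```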

5. The COD file

Because VS2010 no longer emits line-number information into the MAP file (VC6.0 does), the MAP alone can only tell you which function crashed. To pinpoint the exact line, generate the COD file, i.e. the machine-code listing.
First, configure VC2010 to generate the MAP and COD files:
(1) .map file: Property Pages -> Configuration Properties -> Linker -> Debugging, set Generate Map File to Yes (/MAP);
(2) .cod file: Property Pages -> Configuration Properties -> C/C++ -> Output Files, set Assembler Output to Assembly, Machine Code and Source (/FAcs), which emits the machine code alongside the source.
Because the build was done with VS2010, the crash address may differ; here it is 0x00401018.
The MAP file below identifies the function that crashed:
0x00401000 < crash address (0x00401018) < 0x00401030, so the crash is inside the Crash function.

Address         Publics by Value              Rva+Base       Lib:Object
 0000:00000000       __except_list              00000000     <absolute>
 0000:00000003       ___safe_se_handler_count   00000003     <absolute>
 0000:00000000       ___ImageBase               00400000     <linker-defined>
 0001:00000000       ?Crash@@YAXXZ              00401000 f   crash.obj
 0001:00000030       _main                      00401030 f   crash.obj
 0001:0000020d       _mainCRTStartup            0040120d f   LIBCMT:crt0.obj

The COD file is as follows:

; Listing generated by Microsoft (R) Optimizing Compiler Version 16.00.30319.01 

    TITLE   E:\OspDemo小程序\crash\crash.cpp
    .686P
    .XMM
    include listing.inc
    .model  flat

INCLUDELIB LIBCMT
INCLUDELIB OLDNAMES

PUBLIC  ?Crash@@YAXXZ                   ; Crash
; Function compile flags: /Odtp
; File e:\ospdemo小程序\crash\crash.cpp
_TEXT   SEGMENT
_j$ = -2                       ; size = 1
_i$ = -1                       ; size = 1
?Crash@@YAXXZ PROC                  ; Crash

; 5    : {

  00000 55       push    ebp
  00001 8b ec        mov     ebp, esp
  00003 51       push    ecx

; 6    :   s8 i = 1;

  00004 c6 45 ff 01  mov     BYTE PTR _i$[ebp], 1

; 7    : 
; 8    :   s8 j = 1;

  00008 c6 45 fe 01  mov     BYTE PTR _j$[ebp], 1

; 9    :   i /= (j-1);

  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al

; 10   : }

  0001d 8b e5        mov     esp, ebp
  0001f 5d       pop     ebp
  00020 c3       ret     0
?Crash@@YAXXZ ENDP                  ; Crash
_TEXT   ENDS
PUBLIC  _main
; Function compile flags: /Odtp
_TEXT   SEGMENT
_main   PROC

; 13   : {

  00030 55       push    ebp
  00031 8b ec        mov     ebp, esp

; 14   :    Crash();

  00033 e8 00 00 00 00   call    ?Crash@@YAXXZ      ; Crash

; 15   :    return 0;

  00038 33 c0        xor     eax, eax

; 16   : } 

  0003a 5d       pop     ebp
  0003b c3       ret     0
_main   ENDP
_TEXT   ENDS
END

The "{" after the colon is the statement from the source file, and the "5" before the colon is that statement's line number in the source. After it come the offset, the machine code and the assembly produced for that statement, e.g.:
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 51 push ecx
Here "00000" is the offset from the start of the function, "55" is the compiled machine code and "push ebp" is the assembly. The COD file shows that one C/C++ statement usually compiles to several assembly instructions. Longer statements span several lines, e.g.:

  ; 9    :   i /= (j-1);
  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al

Here "0000c" is the relative offset. In a Debug build it is relative to the start of the function (so the first instruction of every function is at offset 0000); in a Release build it is relative to the first instruction of the code segment (the first instruction of the segment is at 0000, and the first instruction of each later function is not). "0f be 4d fe" is the compiled machine code, "movsx ecx, BYTE PTR _j$[ebp]" is the assembly, and anything after ";" in the assembly is a comment.

6. Locating the crash line

First, crash offset = address of the crashing instruction - start address of the crashing function
i.e. crash offset = 0x00401018 - 0x00401000 = 0x18;
The instruction at relative offset 0x18 in Crash is 00018 f7 f9 idiv ecx, so the crash is on line 9, i.e. i /= (j-1).
Note: the COD file can also be used to investigate cases that crash in Debug but run fine in Release, or the reverse.
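The COD lookup of section 6, as an added Python example that is not part of the original article: given the function name and the crash offset within it (0x18 from the MAP step), it parses the /FAcs listing and returns the source line whose instruction sits at that offset. It adds the function's first listed offset before matching, which is what makes Release listings (offsets relative to the code segment, as noted above) work for functions other than the first one. SAMPLE_COD is a constructed excerpt of the listing above with its blank lines dropped.

```python
import re

# Constructed excerpt of the VS2010 /FAcs listing (crash.cod) shown above; the
# blank lines of the real listing are omitted, the parser does not need them.
SAMPLE_COD = r"""
PUBLIC  ?Crash@@YAXXZ                   ; Crash
_TEXT   SEGMENT
_j$ = -2                       ; size = 1
_i$ = -1                       ; size = 1
?Crash@@YAXXZ PROC                  ; Crash
; 5    : {
  00000 55       push    ebp
  00001 8b ec        mov     ebp, esp
  00003 51       push    ecx
; 6    :   s8 i = 1;
  00004 c6 45 ff 01  mov     BYTE PTR _i$[ebp], 1
; 7    : 
; 8    :   s8 j = 1;
  00008 c6 45 fe 01  mov     BYTE PTR _j$[ebp], 1
; 9    :   i /= (j-1);
  0000c 0f be 4d fe  movsx   ecx, BYTE PTR _j$[ebp]
  00010 83 e9 01     sub     ecx, 1
  00013 0f be 45 ff  movsx   eax, BYTE PTR _i$[ebp]
  00017 99       cdq
  00018 f7 f9        idiv    ecx
  0001a 88 45 ff     mov     BYTE PTR _i$[ebp], al
; 10   : }
  0001d 8b e5        mov     esp, ebp
  0001f 5d       pop     ebp
  00020 c3       ret     0
?Crash@@YAXXZ ENDP                  ; Crash
_TEXT   ENDS
PUBLIC  _main
_TEXT   SEGMENT
_main   PROC
; 13   : {
  00030 55       push    ebp
  00031 8b ec        mov     ebp, esp
; 14   :    Crash();
  00033 e8 00 00 00 00   call    ?Crash@@YAXXZ      ; Crash
; 15   :    return 0;
  00038 33 c0        xor     eax, eax
; 16   : }
  0003a 5d       pop     ebp
  0003b c3       ret     0
_main   ENDP
_TEXT   ENDS
END
"""

PROC_RE = re.compile(r"^(\S+)\s+PROC\b")
ENDP_RE = re.compile(r"^(\S+)\s+ENDP\b")
SRC_RE = re.compile(r"^;\s*(\d+)\s*:(.*)$")               # "; 9    :   i /= (j-1);"
# offset, then the run of 2-digit opcode bytes, then the assembly text (heuristic:
# a mnemonic that is itself hex digits, e.g. fadd, would need column-based splitting)
INSN_RE = re.compile(r"^\s+([0-9a-f]{5})\s+((?:[0-9a-f]{2}\s+)+)(\S.*)$", re.I)


def parse_cod(text):
    """Return {function: [(offset, opcode_bytes, asm, source_line)]} per PROC."""
    procs, current, src_line = {}, None, None
    for row in text.splitlines():
        m = PROC_RE.match(row)
        if m:
            current, src_line = m.group(1), None
            procs[current] = []
            continue
        if ENDP_RE.match(row):
            current = None
            continue
        if current is None:
            continue
        m = SRC_RE.match(row)
        if m:
            src_line = int(m.group(1))      # instructions that follow belong to this line
            continue
        m = INSN_RE.match(row)
        if m:
            procs[current].append(
                (int(m.group(1), 16), m.group(2).split(), m.group(3).rstrip(), src_line))
    return procs


def locate_in_cod(cod_text, function, func_offset):
    """Find the instruction func_offset bytes into function; return (line, asm, bytes).

    Release listings number instructions from the start of the code segment, so the
    function's own first offset is added before matching (0x00030 for _main here).
    Returns None if the offset falls outside the function's instructions.
    """
    insns = parse_cod(cod_text).get(function)
    if not insns:
        return None
    target = insns[0][0] + func_offset
    hit = None
    for insn in insns:
        if insn[0] <= target:
            hit = insn                      # last instruction starting at or before target
    if hit is None or target >= hit[0] + len(hit[1]):
        return None
    return hit[3], hit[2], " ".join(hit[1])


if __name__ == "__main__":
    print(locate_in_cod(SAMPLE_COD, "?Crash@@YAXXZ", 0x18))   # (9, 'idiv    ecx', 'f7 f9')
```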

Note: this article was compiled from material found online.


Original article: http://blog.csdn.net/u010489702/article/details/51383511
