线程的调用堆栈中充满了相同的函数调用--curl_inet_ntop()

Call stack of thread is full of the same function calls -- curl_inet_ntop()

本文关键字:--curl 函数调用 inet ntop 堆栈 调用 线程      更新时间:2023-10-16

我正在分析WinDbg中进程的内存转储,特别是其中一个线程的调用堆栈。调用堆栈的输出如下:

0:008> kb
RetAddr           : Args to Child                                                           : Call Site
00000000`0089e0d4 : 0369f3dc`0089e0c0 00000001`00000000 ffffffff`0097541c 00000000`0369e494 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 0097541c`00000000 0369e4a4`00000000 00000000`00000000 00000089`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000003`00000000 00000000`00000000 00000017`00000000 00000000`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000000`00000000 00000002`00000000 00000001`0097541c 010669d0`0369e4f8 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00973376`00000000 775b1b47`00973379 01060000`01060000 010dba60`01060000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 775b5bb8`0369e544 0000077f`01060000 010dba68`775b1ace 0000a4b0`000007ff : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 01060000`010dba60 01060054`00000000 0000a4b0`0000a4b0 7757f7f1`0369e598 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000800`01060000 01060000`00000000 00000000`010dba60 000007ff`0111ba70 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 01060000`000024af 00000000`010dba60 00000000`8b0024af 010ce9e0`01060000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 010dba60`00000000 00000003`01060000 00000000`00000000 0000000a`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000003`00000000 00000000`00000000 0000005f`00000000 00000003`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000000`00000000 00000030`00000000 00000003`00000000 00000000`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000001`00000000 00000001`00000000 00000000`00000000 00977ae4`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000001`0369e640 00000000`00000000 017897f8`00000000 0369e644`00000000 : TestService!Curl_inet_ntop+0x714
00000000`0089e0d4 : 00000000`ffffffff 00000000`775b1e12 77565191`0369f2f4 fffffffe`7837cb7b : TestService!Curl_inet_ntop+0x714

这个输出只是整个堆栈的一部分,其中包含100多个相同的调用。

有人能解释一下这个调用堆栈中发生了什么吗?这个线程只是重复调用同一个函数curl_inet_ntop()吗?

实际上不是一个答案,但太长了,无法发表评论。试着打9999 kc查看堆栈上是否还有其他不同的调用。如果失败了,达!teb检查@rsp是否在StackBase和StackLimit之间,

0:000> !teb
TEB at 000007fffffde000
    ExceptionList:        0000000000000000
    StackBase:            0000000000130000
    StackLimit:           000000000010e000
0:000> r @rsp
rsp=000000000012d7b8

现在你可以做

0:000> dqs @rsp 0000000000130000  <- StackBase

现在您可以尝试计算潜在的返回地址,ub有助于揭示它是否是一个有效的返回地址。

0:000> kc 2
Call Site
ntdll!NtWaitForSingleObject
ntdll!RtlReportExceptionEx
0:000> dqs @rsp L3
00000000`0012d7b8  00000000`77983072 ntdll!RtlReportExceptionEx+0x1d2
00000000`0012d7c0  00000000`00000000
00000000`0012d7c8  00000000`004ba81a TB5OTx64+0xca81a
0:000> ub 00`77983072
ntdll!RtlReportExceptionEx+0x1bc:
00000000`7798305c f8              clc
00000000`7798305d 0000            add     byte ptr [rax],al
00000000`7798305f 00483b          add     byte ptr [rax+3Bh],cl
00000000`77983062 df74394d        fbstp   tbyte ptr [rcx+rdi+4Dh]
00000000`77983066 8bc6            mov     eax,esi
00000000`77983068 b201            mov     dl,1
00000000`7798306a 488bcb          mov     rcx,rbx
00000000`7798306d e87ee2f8ff      call    ntdll!NtWaitForSingleObject     (00000000`779112f0)
相关文章: