Dump File - ecx == 0 ... ?
Martin B.
2010-03-22 14:20:33 UTC
Hi All.

We have a dump file that seems to show weird values:
We get an
Unhandled exception at 0x00439360 (app.exe) in DumpDS-V235_22_1_0-20100320-183252-3352-3484.dmp: 0xC0000005: Access violation reading location 0x0000000c.
app.exe!CMeasuredDataRow::GetDataAt(int nIndex=0x00000003) Line 87 + 0x10 bytes C++
app.exe!CRunMeasGrid::GetDrawText(.....) Line 653 + 0x3f bytes C++
tools.dll!CGrid::DrawCell(....) Line 1335 + 0x1a bytes C++

The disassembly shows:
inline TDATA GetDataAt(int nIndex) const { return m_pData[nIndex]; }
00439350 push ebp
00439351 mov ebp,esp
00439353 push ecx
00439354 mov dword ptr [ebp-4],ecx
00439357 mov eax,dword ptr [this]
0043935A mov ecx,dword ptr [eax+20h]
0043935D mov edx,dword ptr [nIndex]

=>

00439360 fld dword ptr [ecx+edx*4]

Content: ecx = 0x00000000 / edx == 3 / nIndex == 3 / eax == 0x0ff40ddc /
this == 0x0ff40ddc / ebp == 0x0012f914

<=

00439363 mov esp,ebp
00439365 pop ebp
00439366 ret 4
--- No source file


How can ECX be zero, when two instructions above it was set to eax+20h ?!?

cheers,
Martin
Jochen Kalmbach [MVP]
2010-03-22 14:52:46 UTC
Hi Martin!
Post by Martin B.
How can ECX be zero, when two instructions above it was set to eax+20h ?!?
You passed a NULL-Pointer into the function.

by the way: The value was not set to "eax+0x20"... it was set to [eax+0x20]!
--
Greetings
Jochen

My blog about Win32 and .NET
http://blog.kalmbachnet.de/
plodoc
2010-03-22 15:05:56 UTC
Post by Martin B.
inline TDATA GetDataAt(int nIndex) const { return m_pData[nIndex]; }
00439357 mov eax,dword ptr [this]
0043935A mov ecx,dword ptr [eax+20h]
ECX is set to the content of *(this+0x20), which would be m_pData. So m_pData is null.
Martin B.
2010-03-22 15:27:49 UTC
Post by plodoc
Post by Martin B.
inline TDATA GetDataAt(int nIndex) const { return m_pData[nIndex]; }
00439357 mov eax,dword ptr [this]
0043935A mov ecx,dword ptr [eax+20h]
ECX is set to the content of *(this+0x20), which would be m_pData. So m_pData is null.
Except that m_pData isn't NULL and the values it points to make perfect
sense (valid floating point values).
But of course m_pData could have been changed by another thread since
ECX was set, so that would make sense.

Could you please explain why EAX contains the value that is displayed
for this but ECX should contain the dereferenced value of eax+20h ... ?

cheers,
Martin
plodoc
2010-03-22 16:01:53 UTC
Post by Martin B.
But of course m_pData could have been changed by another thread since
ECX was set, so that would make sense.
Yes, that's probably what happened.
Post by Martin B.
Could you please explain why EAX contains the value that is displayed
for this but ECX should contain the dereferenced value of eax+20h ... ?
In fact eax is also set by dereferencing the "this" pseudo-register.
mov eax,dword ptr [this]
But when dumping the register values, your debugger automatically dereferences [this],
which is confusing.
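As an added example (not part of the thread), the small evaluator below resolves the MASM-style memory operands from the disassembly above against the register values Martin posted. It confirms that [ecx+edx*4] with ecx == 0 and edx == 3 is exactly the reported fault address 0x0000000c, and that [eax+20h] is the address of the m_pData member (offset 0x20 and the 4-byte element size are taken from the disassembly; the null-page threshold of 0x1000 is an assumption).

```python
import re

# Register state and fault address copied from the crash post above.
REGS = {"eax": 0x0ff40ddc, "ecx": 0x00000000, "edx": 0x00000003, "ebp": 0x0012f914}
FAULT_ADDR = 0x0000000c
REG32 = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}


def parse_imm(tok):
    """MASM immediates: a trailing 'h' means hex ('20h'), otherwise decimal ('4')."""
    return int(tok[:-1], 16) if tok.lower().endswith("h") else int(tok, 10)


def effective_address(operand, regs):
    """Evaluate a memory operand such as 'dword ptr [ecx+edx*4]' or '[ebp-4]'."""
    m = re.search(r"\[([^\]]+)\]", operand)
    if m is None:
        raise ValueError("not a memory operand: %r" % operand)
    addr = 0
    # Split the bracket body into signed terms: 'ecx', '+edx*4', '-4', '+20h'.
    for sign, term in re.findall(r"([+-]?)([^+-]+)", m.group(1).replace(" ", "")):
        base, _, scale = term.partition("*")
        if base in REG32:
            value = regs[base] * (int(scale) if scale else 1)
        else:
            value = parse_imm(term)
        addr += -value if sign == "-" else value
    return addr & 0xFFFFFFFF


def null_deref_hint(addr, elem_size=4):
    """If addr lies in the (assumed) first 0x1000-byte null page, decode it as
    NULL base + index*elem_size and return the index, else None."""
    if addr >= 0x1000 or addr % elem_size:
        return None
    return addr // elem_size


def check_fault(instruction, regs, fault_addr):
    """Return (matches, effective address) for the faulting instruction's operand."""
    operand = instruction.split(None, 1)[1]
    ea = effective_address(operand, regs)
    return ea == fault_addr, ea


if __name__ == "__main__":
    ok, ea = check_fault("fld dword ptr [ecx+edx*4]", REGS, FAULT_ADDR)
    print("fault operand -> 0x%08x, matches dump: %s, index %s" % (ea, ok, null_deref_hint(ea)))
    print("m_pData lives at 0x%08x" % effective_address("dword ptr [eax+20h]", REGS))
```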
