WinDbg

Started looking into how far WinDbg can take you.
Running a program is done via Open Executable..., where you specify the executable and its arguments. However, since the runtime library differs from UNIX-like systems, getting it to stop where you actually want is surprisingly hard.

bp malloc

This makes it stop at malloc, but there are so many hits... write and printf don't seem to get hit at all.

At this point you want to go looking for symbols, but of course there is no nm. There is a command called symchk, but it isn't quite what I want...

backtrace:

0:000> K
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0007fe70 7603d873 ntdll!KiFastSystemCallRet
0007fe84 00407014 kernel32!ExitProcess+0x15
0007febc 00407179 java+0x7014
0007ffa0 76043833 java+0x7179
0007ffac 775fa9bd kernel32!BaseThreadInitThunk+0x12
0007ffec 00000000 ntdll!LdrInitializeThunk+0x4d

load module list:

0:000> LM x
Unknown option 'x'
start end module name
00400000 00423000 java C (no symbols)
6d320000 6d328000 hpi (deferred)
6d3c0000 6d3df000 java_6d3c0000 (deferred)
6d820000 6d82c000 verify (deferred)
6d860000 6d86f000 zip (deferred)
6d870000 6dac0000 jvm (deferred)
73c30000 73c63000 WINMM (deferred)
74df0000 74e28000 OLEACC (deferred)
75cb0000 75cdc000 apphelp (deferred)
75e70000 75e77000 PSAPI (deferred)
75e90000 75f2e000 USER32 (deferred)
75f60000 75f7e000 IMM32 (deferred)
76000000 760d8000 kernel32 (export symbols) C:\Windows\system32\kernel32.dll
760e0000 761a7000 MSCTF (deferred)
761e0000 762a3000 RPCRT4 (export symbols) C:\Windows\system32\RPCRT4.dll
765a0000 7662c000 OLEAUT32 (deferred)
766d0000 7678f000 ADVAPI32 (export symbols) C:\Windows\system32\ADVAPI32.dll
77260000 772dd000 USP10 (deferred)
77470000 775b4000 ole32 (deferred)
775c0000 776de000 ntdll (export symbols) ntdll.dll
776e0000 776e9000 LPK (deferred)
77700000 7774b000 GDI32 (deferred)
77750000 777fa000 msvcrt (deferred)
7c340000 7c396000 msvcr71 (export symbols) C:\jdk6\jre\bin\msvcr71.dll

Unloaded modules:
72000000 7201e000 ShimEng.dll
75cb0000 75cdc000 apphelp.dll

breakpoint list:

0:000> bl
0 e 7c36c01b 0001 (0001) 0:**** msvcr71!printf
1 d 7c3416e9 0001 (0001) 0:**** msvcr71!malloc
2 e 7c352ab9 0001 (0001) 0:**** msvcr71!write
3 e 7c352ab9 0001 (0001) 0:**** msvcr71!write

symbol list in msvcr71 (runtime c library):

0:000> X msvcr71!*
7c341222 msvcr71!memset ()
7c3413ae msvcr71!_crtLCMapStringA ()
7c3416e9 msvcr71!malloc ()
7c34174a msvcr71!strcpy ()
7c34174a msvcr71!mbscpy ()
7c3417d5 msvcr71!strlen ()
7c341b9c msvcr71!setmbcp ()
7c341cbe msvcr71!initterm ()
7c341d5f msvcr71!onexit ()
7c341d91 msvcr71!atexit ()
7c3420a2 msvcr71!msize ()
7c34211a msvcr71!lock ()
7c34213c msvcr71!unlock ()
7c342151 msvcr71!free ()
7c342357 msvcr71!calloc ()
7c34240d msvcr71!except_handler3 ()
7c3424f3 msvcr71!seh_longjmp_unwind ()
7c34250e msvcr71!global_unwind2 ()
7c342550 msvcr71!local_unwind2 ()
:
0:000> x jvm!JVM_*
6d888f90 jvm!JVM_EnqueueOperation ()
6d963490 jvm!JVM_GetInterfaceVersion ()
6d9634b0 jvm!JVM_CurrentTimeMillis ()
6d9634d0 jvm!JVM_NanoTime ()
6d9634f0 jvm!JVM_ArrayCopy ()
6d9635f0 jvm!JVM_OnExit ()
6d963610 jvm!JVM_MaxObjectInspectionAge ()
6d963630 jvm!JVM_TraceMethodCalls ()
6d963630 jvm!JVM_ReleaseUTF ()
6d963630 jvm!JVM_TraceInstructions ()
6d963650 jvm!JVM_FillInStackTrace ()
6d963700 jvm!JVM_PrintStackTrace ()
6d963780 jvm!JVM_GetStackTraceDepth ()
6d963810 jvm!JVM_GetStackTraceElement ()
6d963910 jvm!JVM_IHashCode ()
6d9639a0 jvm!JVM_MonitorWait ()
6d963aa0 jvm!JVM_MonitorNotify ()
6d963b50 jvm!JVM_MonitorNotifyAll ()
6d963c00 jvm!JVM_IsSilentCompiler ()
6d963c20 jvm!JVM_CompileClass ()
:
0:000> bp jvm!JVM_CurrentTimeMillis
Bp expression 'jvm!JVM_CurrentTimeMillis' could not be resolved, adding deferred bp
0:000> G

ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\ShimEng.dll -

ModLoad: 72000000 7201e000 C:\Windows\system32\ShimEng.dll

ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\apphelp.dll -

ModLoad: 75cb0000 75cdc000 C:\Windows\system32\apphelp.dll

ERROR: Symbol file could not be found. Defaulted to export symbols for C:\jdk6\jre\bin\msvcr71.dll -

ModLoad: 7c340000 7c396000 C:\jdk6\jre\bin\msvcr71.dll

ERROR: Symbol file could not be found. Defaulted to export symbols for C:\jdk6\jre\bin\client\jvm.dll -

ModLoad: 6d870000 6dac0000 C:\jdk6\jre\bin\client\jvm.dll
ModLoad: 75e90000 75f2e000 C:\Windows\system32\USER32.dll
ModLoad: 77700000 7774b000 C:\Windows\system32\GDI32.dll
ModLoad: 73c30000 73c63000 C:\Windows\system32\WINMM.dll
ModLoad: 77750000 777fa000 C:\Windows\system32\msvcrt.dll
ModLoad: 77470000 775b4000 C:\Windows\system32\ole32.dll
ModLoad: 765a0000 7662c000 C:\Windows\system32\OLEAUT32.dll
ModLoad: 74df0000 74e28000 C:\Windows\system32\OLEACC.dll
ModLoad: 75f60000 75f7e000 C:\Windows\system32\IMM32.DLL
ModLoad: 760e0000 761a7000 C:\Windows\system32\MSCTF.dll
ModLoad: 75cb0000 75cdc000 C:\Windows\system32\apphelp.dll
ModLoad: 776e0000 776e9000 C:\Windows\system32\LPK.DLL
ModLoad: 77260000 772dd000 C:\Windows\system32\USP10.dll
ModLoad: 6d320000 6d328000 C:\jdk6\jre\bin\hpi.dll
ModLoad: 75e70000 75e77000 C:\Windows\system32\PSAPI.DLL
ModLoad: 6d820000 6d82c000 C:\jdk6\jre\bin\verify.dll
ModLoad: 6d3c0000 6d3df000 C:\jdk6\jre\bin\java.dll
ModLoad: 6d860000 6d86f000 C:\jdk6\jre\bin\zip.dll
Breakpoint 4 hit
eax=6d3cb0be ebx=2bb0d170 ecx=003048f4 edx=00110000 esi=2b309ff0 edi=00304800
eip=6d9634b0 esp=002bfacc ebp=002bfb00 iopl=0 nv up ei ng nz na po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000283
jvm!JVM_CurrentTimeMillis:
6d9634b0 a07ccca96d mov al,byte ptr [jvm!gHotSpotVMLongConstantEntryNameOffset+0x10f4 (6da9cc7c)] ds:0023:6da9cc7c=00
0:001> K
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
002bfb00 01182d93 jvm!JVM_CurrentTimeMillis
002bfb60 6d93b99c 0x1182d93
002bfb78 6d93bd2d jvm!AsyncGetCallTrace+0x2d2cc
002bfbf0 6d9c3441 jvm!AsyncGetCallTrace+0x2d65d
002bfc70 6d9bf468 jvm!JVM_FindSignal+0x502f1
002bfc8c 6da19dcf jvm!JVM_FindSignal+0x4c318
002bfc94 6d8d6754 jvm!JVM_FindSignal+0xa6c7f
002bfd08 6d9287f7 jvm!JVM_EnqueueOperation+0x4d7c4
002bfd1c 6d928c58 jvm!AsyncGetCallTrace+0x1a127
002bfd34 77622447 jvm!AsyncGetCallTrace+0x1a588
002bfd38 7762214c ntdll!RtlTryEnterCriticalSection+0xb61
002bfd4c 6d90936a ntdll!RtlTryEnterCriticalSection+0x866
002bfd90 76047804 jvm!JVM_EnqueueOperation+0x803da
00000000 00000000 kernel32!WaitForSingleObjectEx+0xb4


0:000> X jvm!JVM_Invoke*
6d96cc90 jvm!JVM_InvokeMethod ()

restart:

0:000> bl
0 eu 0001 (0001) (printf)
1 du 0001 (0001) (malloc)
2 eu 0001 (0001) (write)
3 eu 0001 (0001) (write)
4 du 0001 (0001) (jvm!JVM_CurrentTimeMillis)
0:000> bp jvm!JVM_InvokeMethod
Bp expression 'jvm!JVM_InvokeMethod' could not be resolved, adding deferred bp
0:000> bl
0 eu 0001 (0001) (printf)
1 du 0001 (0001) (malloc)
2 eu 0001 (0001) (write)
3 eu 0001 (0001) (write)
4 du 0001 (0001) (jvm!JVM_CurrentTimeMillis)
5 eu 0001 (0001) (jvm!JVM_InvokeMethod)

0:000> bl
0 eu 0001 (0001) (printf)
1 du 0001 (0001) (malloc)
2 eu 0001 (0001) (write)
3 eu 0001 (0001) (write)
4 du 0001 (0001) (jvm!JVM_CurrentTimeMillis)
5 eu 0001 (0001) (jvm!JVM_InvokeMethod)
0:000> be 4
0:000> bl
0 eu 0001 (0001) (printf)
1 du 0001 (0001) (malloc)
2 eu 0001 (0001) (write)
3 eu 0001 (0001) (write)
4 eu 0001 (0001) (jvm!JVM_CurrentTimeMillis)
5 eu 0001 (0001) (jvm!JVM_InvokeMethod)
:
0:001> K
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0014fa58 01342d93 jvm!JVM_CurrentTimeMillis
0014faa0 01342cb1 0x1342d93
0014fad8 01342e17 0x1342cb1
0014fb1c 01342e17 0x1342e17
0014fb48 01342edd 0x1342e17
0014fc6c 6d93b99c 0x1342edd
0014fc84 6d93bd2d jvm!AsyncGetCallTrace+0x2d2cc
0014fcfc 6d9c3441 jvm!AsyncGetCallTrace+0x2d65d
0014fe3c 6da12b61 jvm!JVM_FindSignal+0x502f1
0014fe44 6da1736d jvm!JVM_FindSignal+0x9fa11
0014fe48 6da17384 jvm!JVM_FindSignal+0xa421d
0014fee0 6d9512ce jvm!JVM_FindSignal+0xa4234
0014fef4 00401633 jvm!JNI_CreateJavaVM+0x3e
0014ff20 00401e08 java+0x1633
0014ff6c 0040812e java+0x1e08
0014ffa0 76043833 java+0x812e
0014ffac 775fa9bd kernel32!BaseThreadInitThunk+0x12
0014ffec 00000000 ntdll!LdrInitializeThunk+0x4d
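The stacks above contain frames like 0x1182d93 and 0x1342d93 that WinDbg cannot resolve, and the lm list shows why: those return addresses fall outside every loaded module (HotSpot's generated code lives outside any DLL). The same check is the one to run on a stack from an incident, where a return address that belongs to no mapped image is worth a closer look. The Python below is an added example, not code from the page or from WinDbg: it parses a trimmed copy of the lm module list and of the k stack shown above (constructed from the values on the page), maps each return address to the module that contains it, and flags the ones that belong to no module, along with modules that loaded with no symbols.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: trimmed copies of the "lm" module list and the
# "k" stack from the WinDbg session above (addresses are the ones on the page).
LM_OUTPUT = """\
start end module name
00400000 00423000 java C (no symbols)
6d3c0000 6d3df000 java_6d3c0000 (deferred)
6d870000 6dac0000 jvm (deferred)
76000000 760d8000 kernel32 (export symbols) C:\\Windows\\system32\\kernel32.dll
775c0000 776de000 ntdll (export symbols) ntdll.dll
7c340000 7c396000 msvcr71 (export symbols) C:\\jdk6\\jre\\bin\\msvcr71.dll
"""

K_OUTPUT = """\
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
002bfb00 01182d93 jvm!JVM_CurrentTimeMillis
002bfb60 6d93b99c 0x1182d93
002bfb78 6d93bd2d jvm!AsyncGetCallTrace+0x2d2cc
002bfd38 7762214c ntdll!RtlTryEnterCriticalSection+0xb61
002bfd90 76047804 jvm!JVM_EnqueueOperation+0x803da
00000000 00000000 kernel32!WaitForSingleObjectEx+0xb4
"""


@dataclass
class Module:
    start: int
    end: int
    name: str
    symbols: str  # text inside the parentheses: "deferred", "export symbols", "no symbols"


# "<start> <end> <name> [C] (<symbol state>) [path]" as printed by lm on 32-bit targets
MODULE_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)\s+(?:C )?\((.*?)\)")
# "<ChildEBP> <RetAddr> <frame symbol>" as printed by k; header and WARNING lines do not match
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S.*)$")


def parse_lm(text: str) -> List[Module]:
    """Turn lm output into Module records; non-matching lines (header, blanks) are skipped."""
    mods = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            mods.append(Module(int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return mods


def find_module(mods: List[Module], addr: int) -> Optional[Module]:
    """Return the module whose [start, end) range contains addr, or None if no module does."""
    for mod in mods:
        if mod.start <= addr < mod.end:
            return mod
    return None


def attribute_frames(k_text: str, mods: List[Module]) -> List[Tuple[str, int, Optional[str]]]:
    """For each k frame return (frame symbol, return address, owning module name or None).

    RetAddr is where the frame returns to, i.e. an address inside the caller; a None
    module means the caller is code that is not part of any loaded image. On this page
    that is HotSpot's generated code; on a compromised host it is what injected code
    looks like, so these are the frames to inspect first. The terminal 00000000 frame is dropped.
    """
    frames = []
    for line in k_text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        ret = int(m.group(2), 16)
        if ret == 0:
            continue
        mod = find_module(mods, ret)
        frames.append((m.group(3), ret, mod.name if mod else None))
    return frames


def unattributed_returns(k_text: str, mods: List[Module]) -> List[str]:
    """Return addresses (8-digit hex, as WinDbg prints them) that belong to no loaded module."""
    return [f"{ret:08x}" for _, ret, name in attribute_frames(k_text, mods) if name is None]


def modules_without_symbols(mods: List[Module]) -> List[str]:
    """Modules lm reports as '(no symbols)'; frames inside them will unwind unreliably."""
    return [m.name for m in mods if m.symbols == "no symbols"]


if __name__ == "__main__":
    modules = parse_lm(LM_OUTPUT)
    for sym, ret, owner in attribute_frames(K_OUTPUT, modules):
        print(f"{ret:08x} -> {owner or 'NO MODULE'}  ({sym})")
    print("return addresses outside any module:", unattributed_returns(K_OUTPUT, modules))
    print("modules without symbols:", modules_without_symbols(modules))
```

On the sample, the only flagged return address is 01182d93, which is exactly the frame WinDbg printed as a bare 0x1182d93 in the stack above; java is reported as the one module with no symbols, matching the "java+0x..." frames that could only be expressed as module offsets.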


http://msdn2.microsoft.com/en-us/library/cc267862.aspx