hiigara

Can I break a Visual C++ program when a certain address of memory is written?


hiigara    108
Some third party DLL loaded by GetOpenFileName is corrupting my memory. I want to know which so I can uninstall the program.
Due to a well-known problem with Adobe Reader, I do call ::OleInitialize(NULL) right in the beginning of main(). But even with that hack, once I hover over a filename inside the GetOpenFileName dialog and the tooltip appears, my app's memory is corrupted and it actually crashes when it receives a WM_PAINT and tries to access that memory.
I want to break the debugging as soon as any code writes in that memory. Is it possible?
[source]

OPENFILENAME _ofn;
vector<char> _Filename(1024); // buffer for file name
//vector<char> _Filename(MAX_PATH); // buffer for file name
::ZeroMemory(&_ofn, sizeof(_ofn));
_ofn.lStructSize = sizeof(_ofn);
_ofn.hwndOwner = *_Owner->Qdwindowp;
_ofn.lpstrFile = &_Filename[0];
// Set lpstrFile[0] to '\0' so that GetOpenFileName does not
// use the contents of _Filename to initialize itself.
_ofn.lpstrFile[0] = '\0';
_ofn.nMaxFile = _Filename.size();
_ofn.lpstrFilter = _Filter;
_ofn.nFilterIndex = 1;
_ofn.Flags = OFN_EXPLORER | OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST |
             OFN_HIDEREADONLY | ( _Allowmultiselect ? OFN_ALLOWMULTISELECT : 0 );
::GetOpenFileName(&_ofn);

[/source]

iMalc    2466
Whatever DLLs are being loaded show up in your Modules window in Visual Studio. It should show up in there once it is loaded.

hiigara    108
Thanks for the help. This problem is too hard. I think I am gonna quit, and hope that most people won't have this problem when opening a file.
I have already uninstalled Adobe Reader but the problem persists.

GetOpenFileName loads all these DLLs as soon as the dialog shows:
[source]
'pasion2.exe': Loaded 'C:\WINDOWS\system32\apphelp.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\clbcatq.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\comres.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\oleaut32.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\version.dll'
'pasion2.exe': Loaded 'C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll', Binary was not built with debug information.
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\wininet.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\normaliz.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\urlmon.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\iertutil.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\wldap32.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\shfolder.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\cscui.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\cscdll.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseCVS\TortoiseShell.dll', Binary was not built with debug information.
'pasion2.exe': Loaded 'C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\browseui.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\setupapi.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\ntshrui.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\atl.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\netapi32.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\userenv.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\shdocvw.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\crypt32.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\msasn1.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\cryptui.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\wintrust.dll'
'pasion2.exe': Loaded 'C:\WINDOWS\system32\imagehlp.dll'
[/source]

Then as I hover the tooltip it also loads the following:
[source]
'pasion2.exe': Loaded 'C:\WINDOWS\system32\xpsp2res.dll', Binary was not built with debug information.
'pasion2.exe': Loaded 'C:\WINDOWS\system32\shimgvw.dll'
'pasion2.exe': Unloaded 'C:\WINDOWS\system32\shimgvw.dll'
[/source]

Most of these DLLs are system and there is nothing I can do about it. I will uninstall SVN and give it another try.

Unfortunately the data breakpoint is not working either. I set a data breakpoint on the memory pointed to by Texturebrushp:
[source]
BOOL Mainwindowprivate::virtual_wm_create ( HWND hwnd, LPCREATESTRUCT pcs )
{
    Containerprivate::virtual_wm_create ( hwnd, pcs ) ;

    Wallpaperbitmapp = LoadImage( "Wallpaper", "jpg" ) ;
    Texturebrushp = new TextureBrush( Wallpaperbitmapp );

    python_wrap_staticcallback( reinterpret_cast<void(*)()>(
        &connect_initialize), "connect_initialize" );
    PyModule_AddObject( PyImport_AddModule("application"),
        "country_listcallback", python_create_void(
        &Countrylistcallbacko ));
    python_import( "Mainwindow" );
    python_call_method( "Mainwindow.Mainwindow", "(N)",
        python_create_container( this ));

    return TRUE;
}

[/source]

Texturebrushp is never deleted in the life of the program.

After the dialog opens I do "break all" and check the memory, everything is still ok.
Then after a tooltip is displayed, I "break all" again, and get the attached image. All question marks.
Texturebrushp points to 0x010df650. This memory belongs to my process and I never deallocated it. Strange.

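The triage done by hand in this thread (reading the debugger's module-load output to find third-party DLLs that the file dialog pulls into the process), as an added example that is not part of any post. It parses lines in the format posted above and groups modules loaded from outside the Windows directory by their directory; the function name and the `C:\WINDOWS` argument are assumptions, and the sample lines are excerpted from the log in the thread.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Sample input: lines excerpted from the debugger output posted in this thread.
const char* kSampleLog = R"('pasion2.exe': Loaded 'C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll', Binary was not built with debug information.
'pasion2.exe': Loaded 'C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll'
'pasion2.exe': Loaded 'C:\Program Files\TortoiseCVS\TortoiseShell.dll', Binary was not built with debug information.
'pasion2.exe': Loaded 'C:\WINDOWS\system32\shimgvw.dll'
'pasion2.exe': Unloaded 'C:\WINDOWS\system32\shimgvw.dll'
)";
using ModuleMap = std::map<std::string, std::set<std::string>>;

static std::string lower(std::string s) {  // Windows paths are case-insensitive
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Map each directory outside `windir` to the DLLs loaded from it, reading
// "'app.exe': Loaded 'C:\path\mod.dll'[, note]" lines from the Output window.
ModuleMap third_party_modules(const std::string& log, const std::string& windir) {
    const std::string marker = "': Loaded '";  // does not match "': Unloaded '"
    const std::string sys = lower(windir) + "\\";
    ModuleMap dirs;
    std::istringstream in(log);
    for (std::string line; std::getline(in, line);) {
        const auto pos = line.find(marker);
        if (pos == std::string::npos) continue;      // not a module-load line
        const auto start = pos + marker.size();
        const auto end = line.find('\'', start);
        if (end == std::string::npos) continue;      // truncated line
        const std::string path = line.substr(start, end - start);
        const auto slash = path.find_last_of('\\');
        // Skip paths with no directory part and modules under the Windows directory.
        if (slash == std::string::npos || lower(path).compare(0, sys.size(), sys) == 0) continue;
        dirs[path.substr(0, slash)].insert(path.substr(slash + 1));
    }
    return dirs;
}

int main() {
    for (const auto& kv : third_party_modules(kSampleLog, "C:\\WINDOWS"))
        for (const auto& dll : kv.second) std::cout << kv.first << " -> " << dll << "\n";
}
```

The path test treats everything under the Windows directory as a system module, so a third-party DLL installed there is not flagged.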
Adam_42    3629
There's one thing I picked up on: [url="http://blogs.msdn.com/b/oldnewthing/archive/2011/05/06/10161590.aspx"]Casting function pointers is a bad idea[/url]. You should fix the declaration of the function instead of using a cast.

hiigara    108
Solved it!!!!
It was bloody SVN shell extension.
Still one question remains: if the SVN shell extension I installed corrupts memory, how come it does not crash Windows Explorer itself?

Muhammad Haggag    1358
[quote name='hiigara' timestamp='1323117946' post='4890822']
Solved it!!!!
It was bloody SVN shell extension.
Still one question remains: if the SVN shell extension I installed corrupts memory, how come it does not crash Windows Explorer itself?[/quote]
You're probably running into a corner case in the extension where it's not expecting to be invoked as part of the open file dialog. The dialog runs as part of your process, and so your process crashes.
