debugging 应用程序验证程序停止:一个HKEY被泄露

tzcvj98z  于 2023-10-24  发布在  其他
关注(0)|答案(1)|浏览(173)

在使用Application Verifier和windbg调试我的一个VSTO插件时,我发现在Word关闭时,我会得到以下停止:

VERIFIER STOP 00000902: pid 0x3F1C: An HKEY was leaked. 

00000632 : Value of the leaked HKEY.
0422EA9C : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
1D3F6FE8 : Address of the owner dll name. Run du <address> to read the dll name.
74040000 : Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules.

找出此停止原因的最佳方法是什么?
根据建议,我做了dps 0422EA9C
并返回了以下内容:

0422ea9c  0423f164
0422eaa0  0000e001
0422eaa4  001c0000
0422eaa8  740f3da0 vfbasics!AVrfpRegOpenKeyW+0xb0
0422eaac  74041e54 oledlg!CStringCache::Init+0x47
0422eab0  74041b51 oledlg!DllMain+0x2e
0422eab4  74041869 oledlg!_CRT_INIT+0x26d
0422eab8  7415c66d verifier!AVrfpStandardDllEntryPointRoutine+0x99
0422eabc  741c95fa vrfcore!VfCoreStandardDllEntryPointRoutine+0x12a
0422eac0  740e7904 vfbasics!AVrfpStandardDllEntryPointRoutine+0xa4
0422eac4  77698d04 ntdll!LdrpCallInitRoutine+0x14
0422eac8  7769c23d ntdll!LdrpRunInitializeRoutines+0x26f
0422eacc  7769aeb5 ntdll!LdrpLoadDll+0x453
0422ead0  7769afcc ntdll!LdrLoadDll+0xaa
0422ead4  740e7d2d vfbasics!AVrfpLdrLoadDll+0x5d
0422ead8  75072ca8 KERNELBASE!LoadLibraryExW+0x1f7
0422eadc  74e548f4 kernel32!LoadLibraryW+0x11
0422eae0  741a6871 vstoee!DllGetClassObject+0x4320
0422eae4  741a68a1 vstoee!DllGetClassObject+0x4350
0422eae8  6b5bfca5 mso!Ordinal4378+0x8dc
0422eaec  6ac85248 mso!MsoFLongSave+0xaa353
0422eaf0  6a686ddd mso!Ordinal9769+0x60b
0422eaf4  6a68667a mso!Ordinal1832+0x13b
0422eaf8  6be22bbb wwlib!DllGetClassObject+0x5dbef
0422eafc  6bdc7c2f wwlib!DllGetClassObject+0x2c63
0422eb00  6bdc4a4b wwlib!FMain+0x253
0422eb04  013815c4 winword+0x15c4
0422eb08  01381558 winword+0x1558
0422eb0c  74e5337a kernel32!BaseThreadInitThunk+0xe
0422eb10  776992b2 ntdll!__RtlUserThreadStart+0x70
0422eb14  77699285 ntdll!_RtlUserThreadStart+0x1b
0422eb18  00000000

然后du 1D3F6FE8
返回

1d3f6fe8  "oledlg.dll"

有趣的是,如果我在没有加载插件的情况下在Word上运行Application Verifier / WinDbg,我仍然会停止:

APPLICATION_VERIFIER_LEAK_ALLOCATION (900)
A heap allocation was leaked.
This stop is generated if the owner dll of the allocation was dynamically unloaded while owning resources. 
Arguments:
Arg1: 0b7e2fb8, Address of the leaked allocation. Run !heap -p -a <address> to get additional information about the allocation. 
Arg2: 041495f4, Address to the allocation stack trace. Run dps <address> to view the allocation stack. 
Arg3: 0c446fe4, Address of the owner dll name. Run du <address> to read the dll name. 
Arg4: 70b50000, Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules. 
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/winword_exe/15_0_4737_1003/559b7227/vrfcore_dll/10_0_15063_137/f4688fdb/80000003/00003809.htm?Retriage=1

这是同一件事,但报告不同吗?

3pvhb19x

3pvhb19x1#

我更深入地研究了这个问题,因为上面非常有用的评论让我认为这不是我的插件代码的问题,而是VSTO主机应用程序的问题。
因此,我创建了一个简单的VSTO插件,带有一个按钮功能区,只需打开一个带有标签的任务窗格,标签上写着“Hello!”(没有其他-没有WPF),我可以确认,即使在这种情况下,我仍然会在关闭时获得HKEY泄漏。
为了完整起见,当没有加载插件时,我会得到一个不同的stop:

=======================================
VERIFIER STOP 0000000000000300: pid 0x4008: Invalid handle exception for current stack trace. 

    00000000C0000008 : Exception code.
    000000000F9DE670 : Exception record. Use .exr to display it.
    000000000F9DE180 : Context record. Use .cxr to display it.
    0000000000000000 : Not used.

=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

ModLoad: 711a0000 711c5000   C:\windows\SysWOW64\POWRPROF.DLL

=======================================
VERIFIER STOP 00000900: pid 0x4008: A heap allocation was leaked. 

    0BDCCFB8 : Address of the leaked allocation. Run !heap -p -a <address> to get additional information about the allocation.
    041D9C54 : Address to the allocation stack trace. Run dps <address> to view the allocation stack.
    0C36AFE4 : Address of the owner dll name. Run du <address> to read the dll name.
    749C0000 : Base of the owner dll. Run .reload <dll_name> = <address> to reload the owner dll. Use 'lm' to get more information about the loaded and unloaded modules.

=======================================

!avrf建议使用APPLICATION_VERIFIER_LEAK_ALLOCATION (900),所以我认为这不是应用程序验证程序的问题。

相关问题