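I recently ran into a crash in Windows Office Communicator 2007 that turned out to be interesting, so I am writing it up to share.
【Symptoms】
Our company uses Office Communicator as its internal IM tool, in a customized version (with a plugin) that integrates with the company's organizational structure. My OS is Windows 7 32-bit. At first it worked without problems, but after one Windows Update I found I could no longer add contacts. The same problem appeared on colleagues' Windows 7 machines, while Windows XP was unaffected. Since I do not have the source code, I could only debug at the assembly level.
The rough flow is this: clicking the button in Communicator opens an IE window, and that page uses one of the company's ActiveX controls. The crash happens inside this control, so the feature is unusable.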
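【Debugging】
Without a debugger, Windows only shows an error dialog with no useful information. This time I used WinDbg, registered as the default postmortem debugger with "Windbg -I".
When the crash occurs, WinDbg opens automatically:
From the error information above, we learn the following:
1. The crashing process is iexplore.exe (using the lmf command)
2. The crashing module is AddContact.dll (which is exactly the customized DLL)
3. The crashing instruction is mov ecx,dword ptr [eax], which is equivalent to ecx = *eax; because eax = 0, this is a null pointer access, and so the process crashed.
Let's disassemble more of the code to see why eax is 0:
We can see that eax takes its value from the address ebp+8. We know how the VC function call stack is laid out (see my earlier article, "A Brief Analysis of VC6 Function Calls"):
ebp+8 is in fact the function's first parameter.
Next we use the kb command to look at the crash stack (the symbol path must be set first; I do not have the pdb for AddContact.dll), and find that the first parameter is indeed 0.
We have to look at the calling frame. From the figure above, the return address is 0b163df8 (AddContact's base address is 0x0b160000, so the offset is 3df8).
I marked the four key instructions: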
mov esi,dword ptr [ebp+8]
mov eax,dword ptr [esi+0B4h]
push eax
call AddContact!DllUnregisterServer+0x640a (0b16755f)
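We can see that esi holds the first parameter, and eax holds the value at offset B4 from that parameter; this eax is what gets passed as the first argument (remember that arguments are pushed from right to left).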
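From the earlier kb output, the first parameter of the second frame is 0080cd88. Using the db command to inspect memory,
strangely, this value is not 0!
【Attempted Fix 1】
My goal is to stop the program from crashing, so can I solve the problem by removing the crashing instruction? Let's try patching it with OllyDBG. We fill the function call with NOPs, then right-click and use [copy to executable] to save it as a new DLL.
Indeed, with this patch it no longer crashes and the page displays normally, but adding contacts still does not work.
So simply masking the crashing instruction does not solve the problem; we have to look for the deeper cause of the crash.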
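【Debugging 2】
From the results above, the biggest question is why the first parameter of the crashing frame became 0, which is the root cause of the crash. Because everything so far was postmortem debugging, we could not trace anything more detailed.
There is a tricky problem here: the newly opened IE window is a newly created process, and it has already crashed before we have any chance to attach to it. How do we debug it? One way is to attach to that process's parent and use ".childdbg 1" to debug child processes.
Process Explorer shows that the browser's parent process is the DCOM service process, so we attach to that process.
Use the .childdbg 1 command:
Sure enough, when the new window opens, WinDbg catches it.
The next step is to set a breakpoint. I want one at offset 3de0 in AddContact, but because the iexplore process has only just started, the AddContact module has not been loaded yet, its base address is unknown, and the breakpoint cannot be set. (For security reasons, Windows 7 loads modules at a random address each time.)
First I set up a module-load event in WinDbg so that it stops when AddContact is loaded; then I can set the breakpoint.
Set Event Filters in WinDbg:
Sure enough, it stops:
We can see that the base address of AddContact.dll is 0x0b9e0000. Set the breakpoint with "bp 0b9e3de0", enter g to run to the breakpoint, then enter t to single-step.
We find that eax is indeed not 0, so the argument passed in is not 0; it is changed later.
How do we track changes to data on the stack? We use the ba command to watch it, so that as soon as anyone changes it, execution stops and we know: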
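Continuing execution, we find that the parameter's value is changed while COM QueryInterface is executing.
Looking at the assembly, we can see this is exactly the statement that sets the first parameter to 0, and the return value is 80004002, a COM error value meaning the interface was not found:
Looking at the stack, the COM interface being queried is {e1af1028-b884-44cb-a535-1c3c11a3d1db}
Through Google, we find that this interface is Windows Communicator's IMessengerGroup.
So the root cause is that this interface cannot be found. To verify, I searched for this key under HKCR\Interface in the registry and indeed did not find it, whereas on a working machine it is present. I suspect the interface was removed during the Windows Update, so we just need to re-register this interface.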
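The failure pattern found above, as an added example that is not code from AddContact.dll (its source is unavailable): a caller that ignores the HRESULT from QueryInterface next to one that checks it. The types, the `registered` flag (a stand-in for whether the interface can be resolved) and all function names are constructed assumptions; only the IID and the 80004002 value come from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the COM types; not the Windows SDK headers. */
typedef int32_t HRESULT;
#define S_OK          ((HRESULT)0)
#define E_NOINTERFACE ((HRESULT)0x80004002) /* return value seen on the page */
#define FAILED(hr)    ((hr) < 0)
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } IID;

/* IID from the page: {e1af1028-b884-44cb-a535-1c3c11a3d1db} */
static const IID IID_GROUP = {0xe1af1028, 0xb884, 0x44cb,
    {0xa5, 0x35, 0x1c, 0x3c, 0x11, 0xa3, 0xd1, 0xdb}};

typedef struct { int value; } Group;                    /* hypothetical interface */
typedef struct { int registered; Group group; } Object; /* hypothetical object */

/* COM contract: on failure the out pointer is set to NULL. */
HRESULT query_interface(Object *obj, const IID *iid, void **ppv) {
    *ppv = NULL;
    if (!obj->registered || memcmp(iid, &IID_GROUP, sizeof *iid) != 0)
        return E_NOINTERFACE;
    *ppv = &obj->group;
    return S_OK;
}

/* Unchecked: ignores the HRESULT, so a missing interface becomes a read
   through NULL, the same shape as "mov ecx,dword ptr [eax]" with eax = 0. */
int read_group_unchecked(Object *obj) {
    void *pv = NULL;
    query_interface(obj, &IID_GROUP, &pv);
    return ((Group *)pv)->value;
}

/* Checked: test the HRESULT and the pointer before dereferencing. */
HRESULT read_group_checked(Object *obj, int *out) {
    void *pv = NULL;
    HRESULT hr = query_interface(obj, &IID_GROUP, &pv);
    if (FAILED(hr)) return hr;
    if (pv == NULL) return E_NOINTERFACE;
    *out = ((Group *)pv)->value;
    return S_OK;
}

/* What the ba breakpoint caught: a non-NULL slot zeroed by the failed call. */
int slot_zeroed_on_failure(Object *obj) {
    Group stale = {7};
    void *pv = &stale;
    return query_interface(obj, &IID_GROUP, &pv) == E_NOINTERFACE && pv == NULL;
}
```

With the checked form, a missing interface surfaces as an error the caller can report instead of a crash in a later frame.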
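【Summary】
1. Use the .childdbg command to debug child processes
2. Event Filters are an effective aid when debugging DLLs
3. The ba command is a superb tool for watching data
4. Debug boldly but carefully and let no detail slip; the truth is just a second away, so keep going....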