Strange Crash

Started by raleeper, June 02, 2007, 01:23:00 AM

raleeper

My program crashes in a way I do not understand.

I get a dialog box titled

   drwtsn32.exe - Unable To Locate Component

containing

   This application has failed to start because
   dbgeng.dll was not found. Re-installing the
   application may fix this problem.

         [OK]

The program works as expected if the distance between the start of .DATA and a certain structure is 7CF bytes, but it crashes if one more byte is added.  It appears that I can work around this by moving the structure to the start of the data segment, but I would like to understand what is going on.

The crash occurs at the end of the loop that uses the structure.  The loop ends with

   lodsb
   cmp   al, [lev]
   jz    dsp_lp
   retn

and the crash occurs when the cmp gives NZ (the retn is not reached).

Any suggestions?

P1

What do you have for Alignment?

Regards,  P1   :8)

raleeper

"What do you have for Alignment?"

I don't know.   I don't think I understand the question.  Placing Align before the structure has no effect, except when it causes the 7CF limit to be exceeded.

Incidentally, I was wrong about when the crash occurs.  It is not when the cmp al, [lev] gives NZ, but after 6 times thru the loop - or after 4 times if  I add 9 bytes to the 6th string (of 8) strings.  I'll try to find out more about just what conditions cause the crash and when the crash occurs. 

I'd be happy tho if you could just tell me what the dialog box message means and when in general this type of crash occurs.

I wouldn't ask anyone to try to figure out my sloppy and idiosyncratic code, but  here is the full loop:


;; DSP LFile Display

;   dsp: esi <- OF fmem   ebx <- OF smap   lodsb
dsp:
   mov   esi, OF fmem            ;OF = Offset
   mov   ebx, OF smap
   lodsb
; al, [lev] <- al-1
   dec   al
   mov   [lev], al
;   _lp: edi <- [ebx+0C]-esi-1   al <- [ebx+1]
dsp_lp:
   mov   edi, [ebx+0C]
   sub   edi, esi
   dec   edi
   mov   al, BY [ebx+1]          ;BY = Byte Ptr
; // al=[mbkg] => @F // call clrexp
   cmp   al, [mbkg]
;   jz    @F
   call  clrexp
; !SetBkColor !DrawText   eax <- [lszh]
   invoke SetBkColor, hdc, edx
   invoke DrawText, hdc, esi, 1, ADDR rect, tfmt
   mov   eax, [lszh]
; add [r_lft], eax   inc esi   !SetBkColor
   add   [r_lft], eax
   inc   esi
   invoke SetBkColor, hdc, 0FF0000h
; !DrawText   DP [r_lft] <- 0
   invoke DrawText, hdc, esi, edi, ADDR rect, tfmt
   mov   DP [r_lft], 0           ;DP = Dword Ptr
;   _frk: add bl, 8   eax <- [lszv]   esi <- [ebx+4]
dsp_frk:
   add   bl, 8
   mov   eax, [lszv]
   mov   esi, [ebx+4]
; add [r_top], eax   lodsb   al=[lev] => _lp
   add   [r_top], eax
   lodsb
   cmp   al, [lev]
   jz    dsp_lp


and here is the relevant (I think) part of the data:


...

; hex constants written without an h suffix (0FC, 0C) are left as posted;
; they presumably rely on a .RADIX 16 setting elsewhere in the source (assumption)
fmem  DB 0FDh, "CMF", crlf        ;crlf = 0Dh,0A
lf$2  DB 0FC, "1st", crlf
;lf$3 DB 0FC, "2st - at line 3", crlf
lf$3  DB 0FC, "3st 456789abcdef 123456789abcdef 123456789abcdef 123456789abcdef 123456789abcdef", crlf
lf$4  DB 0FC, crlf
lf$5  DB 0FC, "5st Testxxxxxxxxx", crlf
lf$6  DB 0FC, "6st no.", crlf
lf$nd DB 0FD, "Files End"

...

; each smap entry is 8 bytes: line, colour, two reserved bytes, then the string address
smap LABEL DWORD  ; offset: 0    1    2    3    4    5    6    7
;                           line clr  \rsvd/    \    address   /
      DB 1,2,0,0  ;0   colours: 0 blk 1 blu 2 grn 3 cy 4 red 5 mag 6 bro 7 wh
      DD fmem     ;4
      DB 2,3,0,0  ;8
      DD lf$2     ;0C
      DB 3,1,0,0
      DD lf$3
      DB 4,1,0,0
      DD lf$4
      DB 5,1,0,0
      DD lf$5
      DB 6,1,0,0
      DD lf$6
      DB 7,1,0,0
      DD lf$nd
      DD (24-5)*2 DUP (0)


raleeper, try and use the code tags so your code is easier to read.

raymond

   add   bl, 8
   mov   eax, [lszv]
   mov   esi, [ebx+4]

You seem to use EBX as a pointer to some area of memory. By adding 8 to BL only, that pointer would decrease by 248 bytes (and possibly create a page fault/crash) if the low byte of EBX is 0F8h or higher.

Try replacing that instruction with add ebx,8 (assuming you really want to increment your pointer by 8).

Raymond

When you assume something, you risk being wrong half the time
http://www.ray.masmcode.com
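The wrap Raymond describes, worked through in C as an added example (not code from the thread): `add bl, 8` changes only the low byte of EBX, so the carry out of bit 7 is lost and the pointer into the 8-byte-per-entry smap table moves backwards instead of forwards. The base addresses used are constructed; treating .data as page-aligned, so that the poster's 7CF and 7D0 offsets become the low bytes of smap's address, is an assumption made only to illustrate how a one-byte shift changes which advance wraps.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the thread.  Models the two ways EBX can be
 * advanced across smap, a table of 8-byte entries (4 bytes line/colour
 * info, then a 4-byte string address).  All base addresses are constructed. */

/* add bl, n: only BL takes part; the carry out of bit 7 is discarded. */
static uint32_t add_bl(uint32_t ebx, uint8_t n)
{
    uint8_t bl = (uint8_t)(ebx + n);          /* low byte wraps modulo 256 */
    return (ebx & 0xFFFFFF00u) | bl;
}

/* add ebx, n: the whole 32-bit register is advanced. */
static uint32_t add_ebx(uint32_t ebx, uint32_t n)
{
    return ebx + n;
}

/* Net change to the pointer after one add bl, n.  With BL >= 0F8h and n = 8
 * the result is -248: BL wraps around instead of moving up by 8. */
static int32_t net_change_add_bl(uint32_t ebx, uint8_t n)
{
    return (int32_t)(add_bl(ebx, n) - ebx);
}

/* Walk up to `steps` entries of `stride` bytes from `base`, advancing with
 * add bl, and return the 1-based step at which that pointer first differs
 * from a full 32-bit add, or 0 if no 256-byte boundary is crossed. */
static int first_wrapping_step(uint32_t base, int steps, uint8_t stride)
{
    uint32_t partial = base, full = base;
    for (int step = 1; step <= steps; step++) {
        partial = add_bl(partial, stride);
        full    = add_ebx(full, stride);
        if (partial != full)
            return step;
    }
    return 0;
}

int main(void)
{
    /* Raymond's case: the low byte is already 0F8h. */
    printf("BL=F8: add bl,8 moves the pointer by %d bytes\n",
           net_change_add_bl(0x004030F8u, 8));

    /* Assumption: .data is page-aligned, so the thread's 7CF/7D0 offsets
     * give low bytes CF and D0 for smap.  Seven real entries, so at most
     * seven advances are made by the loop. */
    printf("smap at ...7D0: first wrap at advance %d\n",
           first_wrapping_step(0x004037D0u, 7, 8));
    printf("smap at ...7CF: first wrap at advance %d\n",
           first_wrapping_step(0x004037CFu, 7, 8));
    printf("smap at ...000: first wrap at advance %d (0 = none)\n",
           first_wrapping_step(0x00403000u, 7, 8));
    return 0;
}
```

With the constructed page-aligned base, a table at offset 7D0 wraps on the sixth advance while one at 7CF survives until the seventh, which is the kind of position-dependent behaviour worth ruling out first whenever moving a structure by a single byte changes whether a program crashes. The model only shows the arithmetic; it does not establish that this is the cause of the crash in the thread.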

P1

Quote from: raleeper on June 02, 2007, 07:01:45 AM
"What do you have for Alignment?"

I don't know.   I don't think I understand the question.  Placing Align before the structure has no effect, except when it causes the 7CF limit to be exceeded.

Align 4

This cleaned up a weird problem on a 32bit uP with interesting features.  It was the first thing I wondered about.

Regards,  P1   :8)

raleeper

Quote from: raymond on June 04, 2007, 01:16:46 AM
   add   bl, 8
   mov   eax, [lszv]
   mov   esi, [ebx+4]

You seem to use EBX as a pointer to some area of memory. By adding 8 to BL only, that pointer would decrease by 248 bytes (and possibly create a page fault/crash) if the low byte of EBX is 0F8h or higher.

Try replacing that instruction with add ebx,8 (assuming you really want to increment your pointer by 8).

Raymond



Yes.  I had assumed that the value of ebx would be xxxxxx00, ie., aligned on a page, since it was initialized to a structure located at the start of .data?

However, changing add bl, 8 to add ebx, 8 has no effect - the program still crashes in the same way (except that now WinDbg 6.7.005, which I have downloaded and installed, is started).

I am trying to learn WinDbg, but the problem I haven't figured out how to solve is that it does not recognize my labels.

"bpstart" works fine and so does bpWinMain, but "bpdsp" (where dsp is the routine causing the crash) or bptst in the context

    start:
    tst:

gives "Bp expression 'dsp' (or 'tst') could not be resolved, adding deferred bp".

I am assembling and linking using

h:\masm32\bin\ml /c /coff /Cp /Fl /W2 /Zi lfw.asm >errs
h:\masm32\bin\link /SUBSYSTEM:WINDOWS /LIBPATH:h:\masm32\lib /DEBUG /DEBUGTYPE:CV lfw.obj >>errs

and WinDbg finds my source, which seems to be synced to the disassembly.

Thanks.

raleeper

Quote from: raleeper on June 08, 2007, 01:55:44 AM
I am trying to learn WinDbg, but the problem I haven't figured out how to solve is that it does not recognize my labels.

"bpstart" works fine and so does bpWinMain, but "bpdsp" (where dsp is the routine causing the crash) or bptst in the context

    start:
    tst:

gives "Bp expression 'dsp' (or 'tst') could not be resolved, adding deferred bp".


I'm going to need to solve this at some point, but it's not immediately crucial, since I've found I can set breakpoints by putting the cursor in the desired source line and hitting F9 (another carryover from Codeview [for DOS]).

raleeper

Is there a way to ask WinDbg to emulate Codeview 2.2?