It's known that on Windows 2000 systems, HIDE crashes abruptly without even displaying the IDE.
I've successfully compiled HIDE with Debugging Information on a Windows 2003 system. I've copied the EXE to a Win2000 box, with DbgWin running.
As expected, HIDE crashes.
Here is my analysis:
1) DbgWin output:
>Begin [HIDE_MAIN]
args :1
0 : C:\HIDE\hidedbg.exe
>homepath = C:\HIDE\hidedbg.exe
----------------------------------------------------------------------
C:\HIDE\bin;
----------------------------------------------------------------------
>>WinMain
>Init dialog
>setuptoolbar
calling sepproperties
starting combo
filling listbox
filllist
endlist
2) OllyDbg analysis with all .OBJ and import libraries loaded:
Access violation reading [0000002B].
crash at:
77E327B1 F643 2B C0 TEST BYTE PTR DS:[EBX+2B],0C0
CPU Registers:
EAX 0035AB80
ECX 00070280
EDX 00300650
EBX 00000000
ESP 000AFC94
EBP 000AFCB4
ESI 0401E250 hidedbg.0401E250
EDI 00000110
EIP 77E327B1 USER32.77E327B1
C 0 ES 0023 32bit 0(FFFFFFFF)
P 0 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 0038 32bit 7FFDE000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_INVALID_WINDOW_HANDLE (00000578)
EFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty -4.8329673121945323520e-3190
ST1 empty -1.0294744276154118400e-2179
ST2 empty -3.6566625888593945600e-1881
ST3 empty 4.9586700048153538560e-4932
ST4 empty 1.8259188128794726400e-3977
ST5 empty +UNORM 6D90 000AFC1C BCC896E4
ST6 empty -??? FFFF 00000003 77E748DE
ST7 empty -3.1665466004256337920e-3186
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
CALL STACK:
Call stack of main thread
Address Stack Procedure / arguments Called from Frame
000AFCB8 77E3296D Includes USER32.77E327B1 USER32.77E32966 000AFCB4
000AFCE8 77E2BBB4 USER32.77E3B6DF USER32.77E2BBAF 000AFCE4
000AFDA0 77E29FCF USER32.77E2B4ED USER32.CreateDialogIndirectP 000AFD9C
000AFDC4 77E27652 USER32.CreateDialogIndirectParamAorW USER32.77E2764D 000AFDC0
000AFDC8 04000000 Arg1 = 04000000
000AFDCC 0402721C Arg2 = 0402721C
000AFDD0 00110260 Arg3 = 00110260
000AFDD4 0401611C Arg4 = 0401611C
000AFDD8 00000000 Arg5 = 00000000
000AFDDC 00000002 Arg6 = 00000002
000AFDF0 04006894 USER32.CreateDialogParamA hidedbg.0400688E 000AFDEC
000AFDF4 04000000 hInst = 04000000
000AFDF8 00002710 pTemplate = 2710
000AFDFC 00110260 hOwner = 00110260 ('HIDE',class='H
000AFE00 0401611C pDlgProc = hidedbg.PropertiesProc
000AFE04 00000000 lParam = 0
000AFE34 77E4158F Includes hidedbg.04006894 USER32.77E4158C 000AFE30
000AFE54 77E3B7A9 USER32.77E41577 USER32.77E3B7A4 000AFE50
000AFE84 77E2BBB4 USER32.77E3B6DF USER32.77E2BBAF 000AFE80
000AFF3C 77E29FCF USER32.77E2B4ED USER32.CreateDialogIndirectP 000AFF38
000AFF60 77E27652 USER32.CreateDialogIndirectParamAorW USER32.77E2764D 000AFF5C
000AFF64 04000000 Arg1 = 04000000
000AFF68 04025044 Arg2 = 04025044
000AFF6C 00000000 Arg3 = 00000000
000AFF70 04005900 Arg4 = 04005900
000AFF74 00000000 Arg5 = 00000000
000AFF78 00000002 Arg6 = 00000002
000AFF8C 04007472 USER32.CreateDialogParamA hidedbg.0400746C 000AFF88
000AFF90 04000000 hInst = 04000000
000AFF94 000003E8 pTemplate = 3E8
000AFF98 00000000 hOwner = NULL
000AFF9C 04005900 pDlgProc = hidedbg.04005900
000AFFA0 00000000 lParam = 0
000AFFA4 0400735B hidedbg.0400736B hidedbg.04007356 000AFFAC
000AFFA8 000AFFAC Arg1 = 000AFFAC
000AFFAC 00000000 Arg2 = 00000000
000AFFB0 000AFFE0 Arg3 = 000AFFE0
000AFFB4 04006ABB Arg4 = 04006ABB
following analysis...
Created Windows:
(ordered by PARENT):
Windows
Handle Title Parent WinProc ID Style ExtStyle Thread ClsProc Class
00060258 Project Topmost 14CB0044 00010180 Main 77E27AED #32770
K00050244 00060258 84800002 00000080 Main FFFF02AB tooltips_class32
E000E01BA 00060258 00001389 50010003 00000204 Main FFFF0345 SysTreeView32
00080284 Topmost 84800001 00000080 Main FFFF02AB tooltips_class32
000C0234 Properties Topmost 14CB0044 00010180 Main 77E27AED #32770
K0006023E 000C0234 00002711 56000901 00000004 Main FFFF0357 ToolbarWindow32
K0008027E 000C0234 00002712 50010203 00000004 Main 77E18A91 ComboBox
E000D01AE 000C0234 00002713 500101C3 00000204 Main 77E2718F ListBox
000D01B0 Desktop 000003E8 44A08041 00000080 Main 77E2718F ComboLBox
000D0262 Output Topmost 14C80044 00010180 Main 77E27AED #32770
K0009028A 000D0262 8480000D Main 77E27587 Static
E000B026A 000D0262 50000227 00000200 Main 1000A272 RAEdit
NK00070246 000B026A 54000000 Main 10006F3C RAEditChild
NIE0008023C 00070246 50000001 Main 77E57DDD ScrollBar
NK00090270 000B026A 50000010 Main 77E57DDD ScrollBar
NK000A0264 000B026A FFFFFFFF 50000100 00000101 Main 77E27587 Static
NK000A0266 000B026A 50000000 Main 77E57DDD ScrollBar
NK000A0272 000B026A 50000000 Main 77E27587 Static
NK000A0274 000B026A 50000100 Main 77E27587 Static
NK000A0280 000B026A FFFFFFFC 50000080 Main 77E27A8F Button
NK000B028C 000B026A FFFFFFFD 50000080 Main 77E27A8F Button
NK000E0288 000B026A FFFFFFFE 50001083 Main 77E27A8F Button
NE00120224 000B026A 54000000 Main 10006F3C RAEditChild
NNE00150238 00120224 50000001 Main 77E57DDD ScrollBar
00110260 HIDE Topmost 000D0319 06CF0844 00010110 Main 04005900 HIDEClass
K00090282 00110260 000003EC 56018100 00000004 Main FFFF034B SysTabControl32
K000B027C 00110260 000003EB 56000103 00000004 Main FFFF0343 msctls_statusbar32
K000D026C 00110260 000003EF 50000105 00000004 Main 77E27587 Static
K000D0296 00110260 000003E9 50000105 00000004 Main 77E27587 Static
K000F025E 00110260 000003EA 56000901 00000004 Main FFFF0357 ToolbarWindow32
K000F0268 00110260 000003EE 50000105 00000004 Main 77E27587 Static
E0019024C 00110260 000003ED 50000010 00020004 Main 77E27587 Static
Quote from: indiocolifa on September 30, 2005, 10:11:20 PM
It's known that on Windows 2000 systems, HIDE crashes abruptly without even displaying the IDE.
Access violation reading [0000002B].
Thanks for the report.
This is exactly the violation others have reported.
=========================
crash at:
77E327B1 F643 2B C0 TEST BYTE PTR DS:[EBX+2B],0C0
=========================
I'll be doing an update pretty soon, I'll try to get a more extensive debug version up, and take a close look at that test instruction.
Another thing you could try:
Load HIDE on a working OS. Close all the tool windows (output, tree, property). Close HIDE.
Copy the Data\hide.ini to the non-working system.
Run it and see what happens.
*if* it opens the HIDE main, then one by one, open the tool windows.
One more thing...
77E327B1 F643 2B C0 TEST BYTE PTR DS:[EBX+2B],0C0
This address is in one of the Windows DLL modules. On my system, it points to AdvAPI32.dll but I can't find a reference to TEST BYTE PTR DS:[EBX+2B],0C0 at that address (or anywhere in the module). Can you find out (using Olly) which module is causing the crash?
Thanks in advance.
I would just like to interject that the work the two of you are doing is of great importance to me. I enjoy working with HIDE, yet I am currently running a Windows 2000 Server as my desktop OS (study purposes, can't get my hands on 2003 yet). As such I have had to resort to a more GNU-like tool chain process. Although this has furthered my education of the HLA process, it is quite inconvenient.
Please keep up the good work. Resolving the Windows 2000 issue with HIDE would enhance my independent self-education with HLA (and assembly in general). Although I have no experience with low-level debugging, if provided an appropriately compiled version of HIDE I could run tests on the systems available to me (those which I have administrative access anyhow).
You may contact me via e-mail at qbradq@gmail.com
Thank you for your efforts,
QBRADQ
Quote from: Sevag.K on October 01, 2005, 03:33:37 AM
One more thing...
77E327B1 F643 2B C0 TEST BYTE PTR DS:[EBX+2B],0C0
This address is in one of the Windows DLL modules. On my system, it points to AdvAPI32.dll but I can't find a reference to TEST BYTE PTR DS:[EBX+2B],0C0 at that address (or anywhere in the module). Can you find out (using Olly) which module is causing the crash?
Thanks in advance.
I think (I did this on a 2000 box I don't have at hand now) it was USER32 (which is possibly true, since the last error is INVALID_WINDOW_HANDLE, which is triggered by a lot of USER32 APIs).
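The crash data posted at the top of the thread can be read mechanically. The following is an added Python example, not part of the original posts or of HIDE: it recomputes the effective address of the TEST operand from the register dump and takes the module name from OllyDbg's annotation on the EIP line. The function `triage` and its result keys are hypothetical names; the dump lines are copied from the first post.

```python
import re

# Lines copied from the OllyDbg output quoted in the first post of the thread.
DUMP = """\
Access violation reading [0000002B].
77E327B1 F643 2B C0 TEST BYTE PTR DS:[EBX+2B],0C0
EAX 0035AB80
ECX 00070280
EDX 00300650
EBX 00000000
ESP 000AFC94
EBP 000AFCB4
ESI 0401E250 hidedbg.0401E250
EDI 00000110
EIP 77E327B1 USER32.77E327B1
"""

# "REG value [annotation]" lines as OllyDbg prints them in the register pane.
REG = re.compile(r"^(E[A-D]X|E[SB]P|E[SD]I|EIP)\s+([0-9A-F]{8})(?:\s+(\S+))?$", re.M)
# Memory operand of the form [REG], [REG+disp] or [REG-disp].
MEM = re.compile(r"\[(E[A-D]X|E[SB]P|E[SD]I)(?:([+-])([0-9A-F]+))?\]")
FAULT = re.compile(r"Access violation (reading|writing) \[([0-9A-F]{8})\]")
NULL_PAGE = 0x10000  # user-mode Windows leaves the first 64 KB unmapped


def triage(dump):
    """Hypothetical helper: classify the fault described by an OllyDbg dump."""
    regs, notes = {}, {}
    for name, value, note in REG.findall(dump):
        regs[name] = int(value, 16)
        notes[name] = note
    access, fault = FAULT.search(dump).groups()
    base, sign, disp = MEM.search(dump).groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    effective = (regs[base] + offset) & 0xFFFFFFFF
    return {
        "access": access,
        "fault_address": int(fault, 16),
        "effective_address": effective,
        "base_register": base,
        "null_base": regs[base] == 0,        # a NULL pointer was dereferenced
        "null_page": effective < NULL_PAGE,  # small field offset from NULL
        "faulting_module": notes["EIP"].split(".")[0] or None,
    }


if __name__ == "__main__":
    print(triage(DUMP))
```

For this dump the result names EBX as a NULL base, an effective address of 0x2B that matches the reported fault address, and USER32 as the module containing EIP.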