
How to detect which variable/code is creating a stack-based buffer overrun

I have an application that has started failing with 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

I have a full crash dump and source code, but this leads me to terminate() and abort() functions in the Windows API and I can't see any application-specific code stepping through the call stack.

The user has indicated they get an Out of Memory error when launching the app UI (it can run on the command line or launch a UI).

My question is, does the above exception indicate the application is trying to load too much data onto the stack and if it does is there any way to detect which variable and preferably which line of code causes the stack buffer overrun to occur? I am analysing the dump file using WinDbg and Visual Studio.

The stack is below.

WARNING: Stack unwind information not available. Following frames may be wrong.
00 0019d2f8 00868f91 MyApp+0x4ccf73
01 0019d308 7490e9a2 MyApp+0x468f91
02 0019d39c 7709d30e KERNELBASE!UnhandledExceptionFilter+0x172
03 0019ffdc 77061b34 ntdll!__RtlUserThreadStart+0x3b7d4
04 0019ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

  1. Activate Application Verifier for your application. It helps find the problem closer to the actual root cause.
  2. Then run it using a debugger.
  3. Fix your symbols.
  4. Use a large CounterString (16 MB or so; funny generators here) and paste it into every textbox you have. This will probably overflow every unprotected buffer you have in your application.
  5. Wait for the application to throw an exception. It may not be the exact exception you're seeing, because Application Verifier may have introduced its own exceptions.
  6. Analyze the exception and look out for hints given by Application Verifier. It may give you helpful additional information which is only available because you activated Application Verifier.
  7. If needed, make use of the CounterString and find it in the memory (likely on the stack in your case).
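As an added illustration of steps 4 and 7 (this is not code from the question or the answer), the script below generates a CounterString and decodes a fragment of it recovered from a dump back to its offset in the input: the fragment that landed just past the buffer tells you the buffer's size. The 128-byte buffer simulation and the fragment are constructed for the example.

```python
"""
CounterString helpers for hunting a stack buffer overrun.

A counter string ("2*4*6*8*11*14*...") is test input in which every '*' is
preceded by its own 1-based position in the string.  When a piece of it is
found in memory (e.g. on the stack in a crash dump), the numbers in that
piece reveal how far into the input those bytes lie, which gives the size
of the buffer that was overrun without knowing the source line in advance.
"""
import re
from typing import Optional

_TOKEN = re.compile(r"\*(\d+)\*")   # a complete "<n>*" token with its leading '*'


def counter_string(length: int) -> str:
    """Return a counter string of exactly `length` characters."""
    parts = []
    pos = 0                          # characters emitted so far
    while pos < length:
        # Next token is "<k>*" where k is the 1-based index of that '*':
        # k = pos + digits(k) + 1.  Try digit counts until one is consistent.
        for digits in range(1, 12):
            k = pos + digits + 1
            if len(str(k)) == digits:
                break
        token = f"{k}*"
        parts.append(token)
        pos += len(token)
    return "".join(parts)[:length]   # a trailing partial token is harmless


def is_valid_counter_string(s: str) -> bool:
    """Check that every complete '<n>*' token sits at the position it claims."""
    # m.end() is the index just past the '*', i.e. the 1-based index of the '*'.
    return all(int(m.group(1)) == m.end() for m in re.finditer(r"(\d+)\*", s))


def fragment_offset(fragment: str) -> Optional[int]:
    """0-based offset of `fragment` within the original counter string.

    Returns None when the fragment holds no complete "*<n>*" token.
    """
    m = _TOKEN.search(fragment)
    if m is None:
        return None
    k = int(m.group(1))              # 1-based position of the closing '*'
    closing_star_index = m.end() - 1 # its index inside the fragment
    return (k - 1) - closing_star_index


def simulated_overrun_size(buffer_size: int = 128, total_input: int = 300) -> Optional[int]:
    """Constructed scenario: input copied into `buffer_size` bytes; the
    12 characters that spilled past the buffer are 'read from the dump'."""
    spilled = counter_string(total_input)[buffer_size:buffer_size + 12]
    return fragment_offset(spilled)  # equals buffer_size, i.e. 128
```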
