
First chance exception thrown from TranslateMessage() API of Windows user32.dll in 64 bit

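The TranslateMessage() API of user32.dll is throwing an exception. When I tried to analyze the exception with !analyze -v in WinDbg, I got the following information. Can anyone help me decode the error?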

FAULTING_IP: 
+0
ffffffff`e85b6720 ??              ???

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: ffffffffe85b6720
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: ffffffffe85b6720
Attempt to execute non-executable address ffffffffe85b6720

FAULTING_THREAD:  000000000000642c

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  CapGM.exe

ADDITIONAL_DEBUG_TEXT:  
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

MODULE_NAME: mfc100u

FAULTING_MODULE: 0000000077720000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  4df2cfdb

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  ffffffffe85b6720

WRITE_ADDRESS:  ffffffffe85b6720 

FOLLOWUP_IP: 
mfc100u+2745a8
00000000`74eb45a8 488bf0          mov     rsi,rax

FAILED_INSTRUCTION_ADDRESS: 
+2745a8
ffffffff`e85b6720 ??              ???

APP:  capgm.exe

IP_ON_HEAP:  ffffffffe85b6720
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from 0000000077519bd1 to ffffffffe85b6720

STACK_TEXT:  
00000000`003bbb68 00000000`77519bd1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`775172cb : 0xffffffff`e85b6720
00000000`003bbb70 00000000`775172cb : 00000000`00000000 ffffffff`e85b6720 00000000`00000000 00000000`00000000 : USER32!TranslateMessageEx+0x2a1
00000000`003bbc30 00000000`77516829 : 00000000`00000000 00000000`003bbd78 000007fe`ecfede14 00000018`000000c8 : USER32!SetWindowTextW+0x277
00000000`003bbc90 00000000`777711f5 : 00000000`00000000 000007fe`ecfb0000 00000000`000003e9 00000000`0055055c : USER32!IsDialogMessageW+0x169
00000000`003bbcf0 00000000`7751041a : 00000000`77510397 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 : ntdll!KiUserCallbackDispatcher+0x1f
00000000`003bbd78 00000000`77510397 : 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 00000000`003bc1a8 : USER32!SendMessageTimeoutW+0x95a
00000000`003bbd80 00000000`775105d8 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`56000000 : USER32!SendMessageTimeoutW+0x8d7
00000000`003bc0f0 00000000`77510880 : 00000000`00000148 00000000`56000000 00000000`003bc3d9 00000000`74f0c6b0 : USER32!SendMessageTimeoutW+0xb18
00000000`003bc240 00000000`74eb45a8 : 00000000`00582960 00000000`00000000 00000000`00000320 00000000`00900000 : USER32!CreateWindowExW+0x70
00000000`003bc2c0 00000000`74eac377 : 00000000`0c07e510 00000000`0c07e510 00000000`00000000 00000000`00900000 : mfc100u+0x2745a8
00000000`003bc340 00000000`74eac4b6 : 00000000`0055055c 00000000`0c07e510 00000000`56000000 00000000`00000318 : mfc100u+0x26c377
00000000`003bc400 000007fe`e8ba1316 : 00000000`00000000 00000000`003be330 00000000`0bee1a80 00000000`0c07e510 : mfc100u+0x26c4b6
00000000`003bc470 000007fe`ecfdaab6 : ffffffff`ffffffff 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : FrontEnd!FrontWindowFactory<dFrontWindow>::create+0x136

I know TranslateMessage is trying to access some wrong address, but how do I fix it?

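The problem is solved. The bug was in SetWindowLongPtr(). It is the 64-bit variant of SetWindowLong(); although the function had been changed, its written value was still being captured in a long variable. Changing that to LONG_PTR solved the problem. Now the address is not truncated and the corresponding user routine gets called.

Thanks, everyone, for the help :)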
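The truncation described in the answer above, as an added example that is not part of the original post or the poster's code: it shows how a pointer-sized value stored in a 32-bit LONG comes back sign-extended in the shape of the dump's ExceptionAddress, and how the surviving lower 32 bits can be matched against loaded modules during triage. Fixed-width types stand in for LONG and LONG_PTR so it builds off Windows; the helper names, the module sizes and the FrontEnd base are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t win_long;     /* LONG is 32 bits on 64-bit Windows (LLP64) */
typedef int64_t win_long_ptr; /* LONG_PTR is pointer-sized */

/* The bug: a pointer-sized value parked in a LONG, widened again on use. */
static uint64_t through_long(uint64_t ptr) {
    win_long saved = (win_long)(uint32_t)ptr; /* upper 32 bits dropped */
    return (uint64_t)(win_long_ptr)saved;     /* sign-extended on widening */
}

/* The fix: a LONG_PTR keeps all 64 bits. */
static uint64_t through_long_ptr(uint64_t ptr) { return (uint64_t)(win_long_ptr)ptr; }

/* Triage: is this fault address a sign-extended 32-bit value? */
static int looks_sign_extended(uint64_t addr) {
    return (addr >> 32) == 0xffffffffu && (addr & 0x80000000u) != 0;
}

struct module { const char *name; uint64_t base, size; };
/* Pair each module's upper 32 bits with the surviving lower 32 bits; return
 * the rebuilt address if it lands inside that module, else 0. */
static uint64_t rebuild_in_module(uint64_t fault, const struct module *m,
                                  size_t n, const char **name) {
    for (size_t i = 0; i < n; i++) {
        uint64_t guess = (m[i].base & ~0xffffffffull) | (fault & 0xffffffffull);
        if (guess >= m[i].base && guess - m[i].base < m[i].size) {
            *name = m[i].name;
            return guess;
        }
    }
    return 0;
}

/* Constructed module list. The mfc100u base follows from mfc100u+2745a8 =
 * 74eb45a8 in the dump; both sizes and the FrontEnd base are assumptions. */
static const struct module MODS[] = {
    { "mfc100u",  0x0000000074c40000ull, 0x00500000ull },
    { "FrontEnd", 0x000007fee8500000ull, 0x00800000ull },
};

int main(void) {
    const char *name = "?";
    uint64_t guess = rebuild_in_module(0xffffffffe85b6720ull, MODS, 2, &name);
    printf("candidate %s at %#llx, via LONG %#llx, via LONG_PTR %#llx\n", name,
           (unsigned long long)guess, (unsigned long long)through_long(guess),
           (unsigned long long)through_long_ptr(guess));
    return 0;
}
```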

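As others have mentioned above, the first thing to do is get the correct symbols.

Microsoft publishes public symbols for its Windows binaries. That gives a better picture of what went wrong.

Now, looking at the !analyze output you shared and the signature of TranslateMessage: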

BOOL WINAPI TranslateMessage( _In_ const MSG *lpMsg );

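My best guess is that you are not validating that lpMsg is a genuine input. Can you paste the input being passed?

In general, seasoned public APIs that have been around for a while are very well tested. So if something goes wrong there, it is best to check the input our program is passing to it :)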
