debugging - random error when running the application - debugging

Sometimes when I run my application, it shows [not responding] and is forced to close. I captured a dump file and opened it in WinDbg. Below is the information I get:
Loading unloaded module list
.
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(dd4.1dc): Wake debugger - code 80000007 (first/second chance not available)
eax=00000000 ebx=0018cdb0 ecx=0000000a edx=00000000 esi=00000002 edi=00000000
eip=7708015d esp=0018cd60 ebp=0018cdfc iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0x15:
7708015d 83c404 add esp,4
With the command ".ecxr":
0:000> .ecxr
eax=00000000 ebx=0018cdb0 ecx=0000000a edx=00000000 esi=00000002 edi=00000000
eip=7708015d esp=0018cd60 ebp=0018cdfc iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0x15:
7708015d 83c404 add esp,4
With the command "!analyze -v":
0:000> !analyze -v
***************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msvbvm60.dll -
*** ERROR: Module load completed but symbols could not be loaded for AppName.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msjava.dll -
FAULTING_IP:
+0
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
BUGCHECK_STR: 80000007
PROCESS_NAME: AppName.exe
OVERLAPPED_MODULE: Address regions for 'msjtes40' and 'msadox.dll' overlap
ERROR_CODE: (NTSTATUS) 0x80000007 - {Kernel Debugger Awakened} the system debugger was awakened by an interrupt.
EXCEPTION_CODE: (HRESULT) 0x80000007 (2147483655) - Operation aborted
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: AppName.exe
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 dd4.1dc Handle
WAIT_CHAIN_COMMAND: ~0s;k;;
BLOCKING_THREAD: 000001dc
DEFAULT_BUCKET_ID: APPLICATION_HANG_HungIn_ExceptionHandler
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_HungIn_ExceptionHandler
LAST_CONTROL_TRANSFER: from 767615e9 to 7708015d
FAULTING_THREAD: 00000000
STACK_TEXT:
0018cd60 767615e9 00000002 0018cdb0 00000001 ntdll!NtWaitForMultipleObjects+0x15
0018cdfc 76361a2c 0018cdb0 0018ce24 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100
0018ce44 76364220 00000002 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
0018ce60 763880c4 00000002 0018ce94 00000000 kernel32!WaitForMultipleObjects+0x18
0018cecc 76387f83 0018cfa4 00000001 00000001 kernel32!WerpReportFaultInternal+0x186
0018cee0 76387878 0018cfa4 00000001 0018cf7c kernel32!WerpReportFault+0x70
0018cef0 763877f7 0018cfa4 00000001 80471969 kernel32!BasepReportFault+0x20
0018cf7c 7295fa2e 00000000 72a2bd04 0018cfac kernel32!UnhandledExceptionFilter+0x1af
WARNING: Stack unwind information not available. Following frames may be wrong.
0018ff80 00405b66 004068b4 763633aa 7efde000 msvbvm60!Zombie_Release+0x10fd5
0018ff94 77099f72 7efde000 719353d4 00000000 AppName+0x5b66
0018ffd4 77099f45 00405b5c 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
0018ffec 00000000 00405b5c 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
FOLLOWUP_IP:
msvbvm60!Zombie_Release+10fd5
7295fa2e c3 ret
SYMBOL_STACK_INDEX: 8
SYMBOL_NAME: msvbvm60!Zombie_Release+10fd5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvbvm60
IMAGE_NAME: msvbvm60.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bda6c
STACK_COMMAND: ~0s ; kb
BUCKET_ID: 80000007_msvbvm60!Zombie_Release+10fd5
FAILURE_BUCKET_ID: APPLICATION_HANG_HungIn_ExceptionHandler_80000007_msvbvm60.dll!Zombie_Release
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/AppName_exe/8_0_0_0/52036491/unknown/0_0_0_0/bbbbbbb4/80000007/00000000.htm?Retriage=1
Followup: MachineOwner


NASM and clang/LLVM generating different object files

I'm trying to make a simple kernel with multiboot. I got the multiboot header working in NASM, but now I'm trying to rewrite it in GNU AS syntax. I think the problem is that clang (as on macOS) is placing the multiboot header at a different address (beyond 8K), but I can't figure out how to get it to work the same as NASM. I'm using the same linker script.
Below are my NASM code, GAS code, linker script, and the output of nm kernel-nasm.bin kernel-gas.bin (sorry for the verbosity).
Here's the working NASM code:
MBALIGN  equ 1 << 0
MEMINFO  equ 1 << 1
FLAGS    equ MBALIGN | MEMINFO
MAGIC    equ 0x1BADB002
CHECKSUM equ -(MAGIC + FLAGS)

section .multiboot_header
header_start:
    align 4
    dd MAGIC
    dd FLAGS
    dd CHECKSUM
header_end:

section .text
global start
start:
    mov dword [0xb8000], 0x2f4b2f4f
    hlt
And here's the non-working GNU AS code:
.set MBALIGN,  1 << 0
.set MEMINFO,  1 << 1
.set FLAGS,    MBALIGN | MEMINFO
.set MAGIC,    0x1BADB002
.set CHECKSUM, -(MAGIC + FLAGS)

.section .multiboot_header
header_start:
    .align 4
    .long MAGIC
    .long FLAGS
    .long CHECKSUM
header_end:

.section .text
.global start
start:
    movl $0x2f4b2f4f, (0xb8000)
    hlt
Linker Script:
ENTRY(start)
SECTIONS {
    . = 1M;
    .boot : ALIGN(4K)
    {
        /* ensure that the multiboot header is at the beginning */
        *(.multiboot_header)
    }
    .text : ALIGN (4K)
    {
        *(.text)
    }
}
Output of nm kernel-nasm.bin kernel-gas.bin:
kernel-nasm.bin:
e4524ffb a CHECKSUM
00000003 a FLAGS
1badb002 a MAGIC
00000001 a MBALIGN
00000002 a MEMINFO
0010000c r header_end
00100000 r header_start
00101000 T start
kernel-gas.bin:
e4524ffb a CHECKSUM
00000003 a FLAGS
1badb002 a MAGIC
00000001 a MBALIGN
00000002 a MEMINFO
0000000c n header_end
00000000 n header_start
00100000 T start
Here are the commands I'm using to assemble the code. I'm using Homebrew's LLVM 14.0.6 on macOS:
# For kernel-nasm.bin
nasm -felf32 kernel-nasm.asm -o kernel-nasm.o
ld.lld -n -o kernel-nasm.bin -T linker.ld kernel-nasm.o
# For kernel-gas.bin
as --target=i386-pc-none-elf kernel-gas.S -o kernel-gas.o
ld.lld -n -o kernel-gas.bin -T linker.ld kernel-gas.o
As you can see from the --target= option, as on this machine is clang, not from GNU Binutils. Same for the ld.lld linker being LLVM, not Binutils.
The output of objdump -x kernel-nasm.bin is:
kernel-nasm.bin: file format elf32-i386
kernel-nasm.bin
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00101000
Program Header:
LOAD off 0x00001000 vaddr 0x00100000 paddr 0x00100000 align 2**12
filesz 0x0000000c memsz 0x0000000c flags r--
LOAD off 0x00002000 vaddr 0x00101000 paddr 0x00101000 align 2**12
filesz 0x0000000b memsz 0x0000000b flags r-x
STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**0
filesz 0x00000000 memsz 0x00000000 flags rw-
Sections:
Idx Name Size VMA LMA File off Algn
0 .boot 0000000c 00100000 00100000 00001000 2**12
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .text 0000000b 00101000 00101000 00002000 2**12
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .comment 0000001c 00000000 00000000 0000200b 2**0
CONTENTS, READONLY
SYMBOL TABLE:
00000000 l df *ABS* 00000000 hdr.asm
00000001 l *ABS* 00000000 MBALIGN
00000002 l *ABS* 00000000 MEMINFO
00000003 l *ABS* 00000000 FLAGS
1badb002 l *ABS* 00000000 MAGIC
e4524ffb l *ABS* 00000000 CHECKSUM
00100000 l .boot 00000000 header_start
0010000c l .boot 00000000 header_end
00101000 g .text 00000000 start
The output of objdump -x kernel-gas.bin is:
kernel-gas.bin: file format elf32-i386
kernel-gas.bin
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00100000
Program Header:
LOAD off 0x00001000 vaddr 0x00100000 paddr 0x00100000 align 2**12
filesz 0x0000000b memsz 0x0000000b flags r-x
STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**0
filesz 0x00000000 memsz 0x00000000 flags rw-
Sections:
Idx Name Size VMA LMA File off Algn
0 .boot 0000000c 00000000 00000000 00002000 2**12
CONTENTS, READONLY
1 .comment 0000001c 00000000 00000000 0000200c 2**0
CONTENTS, READONLY
2 .text 0000000b 00100000 00100000 00001000 2**12
CONTENTS, ALLOC, LOAD, READONLY, CODE
SYMBOL TABLE:
e4524ffb l *ABS* 00000000 CHECKSUM
00000003 l *ABS* 00000000 FLAGS
1badb002 l *ABS* 00000000 MAGIC
00000001 l *ABS* 00000000 MBALIGN
00000002 l *ABS* 00000000 MEMINFO
0000000c l .boot 00000000 header_end
00000000 l .boot 00000000 header_start
00100000 g .text 00000000 start
According to the GNU AS documentation, "If the section name is not recognized, the default will be for the section to have none of the above flags: it will not be allocated in memory, nor writable, nor executable. The section will contain data."
To make sure the .boot section is loaded into memory and can be read by the bootloader, the section must have the "a" flag added to it (more info in the documentation above), like this:
// ... code ...
.section .multiboot_header, "a"
header_start:
.align 4
.long MAGIC
.long FLAGS
.long CHECKSUM
header_end:
// ... code ...
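The bootloader's side of the answer, as an added example that is not part of the question or the answer: a scanner that applies the Multiboot rules the asker is running into (header dword-aligned and within the first 8 KiB of the image, magic + flags + checksum == 0 mod 2^32) to a flat image. The flag names, the checksum value 0xe4524ffb and the 0x1000 file offset come from the page's own listings; the images it scans are constructed here.

```python
"""Scan a flat OS image for a Multiboot 1 header the way a Multiboot bootloader
does, and decode the flags it finds.

Added example for this page; not code from the question or the answer.  The
constructed images below reuse the page's values (MAGIC 0x1BADB002, FLAGS 3,
CHECKSUM 0xe4524ffb) and the 0x1000 file offset seen in the nasm objdump output.
"""
import struct

MULTIBOOT_MAGIC = 0x1BADB002
SEARCH_LIMIT = 8192          # header must lie within the first 8 KiB of the image
HEADER_SIZE = 12             # magic, flags, checksum: three little-endian dwords

FLAG_NAMES = {
    1 << 0: "MBALIGN",       # load boot modules on page boundaries
    1 << 1: "MEMINFO",       # provide a memory map
}

def multiboot_checksum(flags):
    """Return the checksum dword that makes magic + flags + checksum == 0 (mod 2**32)."""
    return (-(MULTIBOOT_MAGIC + flags)) & 0xFFFFFFFF

def find_multiboot_header(image):
    """Return (offset, flags) of the first valid header, or None.

    Like the bootloader, only dword-aligned offsets inside the first 8 KiB are
    searched, and a candidate counts only if the three dwords sum to zero.
    """
    limit = min(len(image), SEARCH_LIMIT) - HEADER_SIZE
    for off in range(0, limit + 1, 4):
        magic, flags, checksum = struct.unpack_from("<III", image, off)
        if magic != MULTIBOOT_MAGIC:
            continue
        if (magic + flags + checksum) & 0xFFFFFFFF != 0:
            continue           # right magic, wrong checksum: not a header
        return off, flags
    return None

def describe_flags(flags):
    """Name the flag bits that are set; unknown bits are reported, not dropped."""
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    unknown = flags & ~sum(FLAG_NAMES)
    if unknown:
        names.append("unknown:0x%x" % unknown)
    return names

def build_image(header_offset, flags, checksum=None, total=0x3000):
    """Constructed test image: zero padding, the header at header_offset, more padding."""
    if checksum is None:
        checksum = multiboot_checksum(flags)
    header = struct.pack("<III", MULTIBOOT_MAGIC, flags, checksum)
    return bytes(header_offset) + header + bytes(total - header_offset - HEADER_SIZE)

# The nasm build: .boot at file offset 0x1000, inside the 8 KiB window.
GOOD_IMAGE = build_image(0x1000, flags=3)
# A header that ends up beyond the 8 KiB window; a bootloader will not find it.
LATE_IMAGE = build_image(0x2100, flags=3)
# Magic present but a stale checksum: must be rejected, not reported.
BAD_SUM_IMAGE = build_image(0x1000, flags=3, checksum=0)

if __name__ == "__main__":
    for name, img in [("good", GOOD_IMAGE), ("late", LATE_IMAGE), ("badsum", BAD_SUM_IMAGE)]:
        hit = find_multiboot_header(img)
        if hit:
            print("%s: header at 0x%x flags=%s" % (name, hit[0], describe_flags(hit[1])))
        else:
            print("%s: no valid Multiboot header in first 8 KiB" % name)
```

Running it over a real kernel-gas.bin built without the "a" flag is the quickest way to confirm that no header lands in the loadable part of the image.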

Windbg Preview kd dump command doesn't perform correctly

I am using Windbg Preview to debug a common program. I am using the kd command to dump the stack,
but I found it doesn't print the corresponding memory starting from esp:
the r command shows that esp points to 0x29af810, but kd just shows me the memory from 0x29af814 and higher. I thought stepping one instruction would make it correct itself, but it appears to stay the same. Is this a known bug of Windbg Preview?
It seems to produce a wrong answer even at the first break.
(3f44.87c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=189c0000 edx=00000000 esi=77d52054 edi=77d5261c
eip=77df1ba2 esp=005bf984 ebp=005bf9b0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2b:
77df1ba2 cc int 3
0:000> kd 10
005bf9b0 005bfc10
005bf9b4 77dec0a8 ntdll!LdrpInitializeProcess+0x1c98
005bf9b8 c12453e3
005bf9bc 0286d000
005bf9c0 00000000
005bf9c4 02870000
005bf9c8 00640062
005bf9cc 02af2738
005bf9d0 005bfb44
005bf9d4 00000000
005bf9d8 00000201
005bf9dc 00000000
005bf9e0 005bfb40
005bf9e4 00000000
005bf9e8 02af4198
005bf9ec 77e65d00 ntdll!LdrpWorkQueue
kd prints the raw dwords from the frame offset, or ChildEBP (see edit).
You can check the frame offset with the .frame command.
#esp can be different.
Are you observing something different?
0:000> .frame
00 00a3fc94 00f367ba cdb!wmain+0xb
0:000> k 1
ChildEBP RetAddr
00a3fc94 00f367ba cdb!wmain+0xb
0:000> kd 4
00a3fc94 00a3fcd4
00a3fc98 00f367ba cdb!__wmainCRTStartup+0x107
00a3fc9c 00000001
00a3fca0 050f2210
0:000> ?#esp
Evaluate expression: 10746476 = 00a3fa6c
0:000>
A full call stack for a random process, its frames (ChildEBP) and the esp register from the register context are printed below:
0:000> .frame 0
00 00a3fc94 00f367ba cdb!wmain+0xb
0:000> .frame 1
01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107
0:000> .frame 2
02 00a3fce4 776687a4 KERNEL32!BaseThreadInitThunk+0x19
0:000> .frame 3
03 00a3fd40 77668774 ntdll!__RtlUserThreadStart+0x2f
0:000> .frame 4
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame 5
Cannot find frame 0x5, previous scope unchanged
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame /c 0 ; kd 2
00 00a3fc94 00f367ba cdb!wmain+0xb
eax=00a40000 ebx=00000000 ecx=00f3f2f8 edx=00000080 esi=00000001 edi=00000000
eip=00f33c99 esp=00a3fa6c ebp=00a3fc94 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
cdb!wmain+0xb:
00f33c99 a1448ff300 mov eax,dword ptr [cdb!__security_cookie (00f38f44)] ds:002b:00f38f44=4d19f94c
00a3fc94 00a3fcd4
00a3fc98 00f367ba cdb!__wmainCRTStartup+0x107
0:000> .frame /c 1 ; kd 2
01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107
eax=00a40000 ebx=00000000 ecx=00f3f2f8 edx=00000080 esi=00000001 edi=00000000
eip=00f367ba esp=00a3fc9c ebp=00a3fcd4 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
cdb!__wmainCRTStartup+0x107:
00f367ba 83c40c add esp,0Ch
00a3fcd4 00a3fce4
00a3fcd8 75346359 KERNEL32!BaseThreadInitThunk+0x19
0:000> .frame /c 2 ; kd 2
02 00a3fce4 776687a4 KERNEL32!BaseThreadInitThunk+0x19
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00f368c0 edi=00f368c0
eip=75346359 esp=00a3fcdc ebp=00a3fce4 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
KERNEL32!BaseThreadInitThunk+0x19:
75346359 50 push eax
00a3fce4 00a3fd40
00a3fce8 776687a4 ntdll!__RtlUserThreadStart+0x2f
0:000> .frame /c 3 ; kd 2
03 00a3fd40 77668774 ntdll!__RtlUserThreadStart+0x2f
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=75346340 edi=00f368c0
eip=776687a4 esp=00a3fcec ebp=00a3fd40 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
ntdll!__RtlUserThreadStart+0x2f:
776687a4 e9fea00300 jmp ntdll!__RtlUserThreadStart+0x3a132 (776a28a7)
00a3fd40 00a3fd50
00a3fd44 77668774 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame /c 4 ; kd 2
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00000000 edi=00000000
eip=77668774 esp=00a3fd48 ebp=00a3fd50 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
ntdll!_RtlUserThreadStart+0x1b:
77668774 cc int 3
00a3fd50 00000000
00a3fd54 00000000
0:000> .frame /c 5 ; kd 2
Cannot find frame 0x1, previous scope unchanged
04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b
eax=00a40000 ebx=0095f000 ecx=00f3f2f8 edx=00000080 esi=00000000 edi=00000000
eip=77668774 esp=00a3fd48 ebp=00a3fd50 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
ntdll!_RtlUserThreadStart+0x1b:
77668774 cc int 3
00a3fd50 00000000
00a3fd54 00000000
0:000>
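The answer's claim can be checked mechanically: every `kd` dump starts at the frame's ChildEBP, so the first dword is the next frame's ChildEBP and the second is the return address, and following those pairs must reproduce the `.frame` list. The script below does that walk; it is an added example, not code from the answer, and its transcript is constructed from the dwords the answer printed (prompt, register and disassembly lines left in so the parser has to skip them).

```python
"""Rebuild the frame chain from raw `kd` dumps and compare it with `.frame`.

Added example for this page, not code from the answer.  The transcript below is
constructed from the dwords the answer printed: each `kd` dump starts at the
frame's ChildEBP, so [ChildEBP] is the next ChildEBP and [ChildEBP+4] the
return address.  Walking those pairs must reproduce the `.frame` list.
"""
import re

# Constructed transcript: the answer's `.frame /c N ; kd 2` output, with the
# register, disassembly and prompt lines left in so the parser has to skip them.
TRANSCRIPT = """\
0:000> .frame /c 0 ; kd 2
00 00a3fc94 00f367ba cdb!wmain+0xb
eax=00a40000 ebx=00000000 ecx=00f3f2f8 edx=00000080 esi=00000001 edi=00000000
eip=00f33c99 esp=00a3fa6c ebp=00a3fc94 iopl=0 nv up ei pl nz ac pe nc
00f33c99 a1448ff300 mov eax,dword ptr [cdb!__security_cookie (00f38f44)]
00a3fc94 00a3fcd4
00a3fc98 00f367ba cdb!__wmainCRTStartup+0x107
0:000> .frame /c 1 ; kd 2
01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107
00f367ba 83c40c add esp,0Ch
00a3fcd4 00a3fce4
00a3fcd8 75346359 KERNEL32!BaseThreadInitThunk+0x19
0:000> .frame /c 2 ; kd 2
00a3fce4 00a3fd40
00a3fce8 776687a4 ntdll!__RtlUserThreadStart+0x2f
0:000> .frame /c 3 ; kd 2
00a3fd40 00a3fd50
00a3fd44 77668774 ntdll!_RtlUserThreadStart+0x1b
0:000> .frame /c 4 ; kd 2
00a3fd50 00000000
00a3fd54 00000000
"""

# The `.frame 0` .. `.frame 4` lines from the answer, for cross-checking.
FRAME_LINES = [
    "00 00a3fc94 00f367ba cdb!wmain+0xb",
    "01 00a3fcd4 75346359 cdb!__wmainCRTStartup+0x107",
    "02 00a3fce4 776687a4 KERNEL32!BaseThreadInitThunk+0x19",
    "03 00a3fd40 77668774 ntdll!__RtlUserThreadStart+0x2f",
    "04 00a3fd50 00000000 ntdll!_RtlUserThreadStart+0x1b",
]

# A `kd` line: 8-hex address, 8-hex dword, optional symbol.  The fixed widths
# keep disassembly lines (variable-length opcode bytes) and `.frame` lines
# (two-digit frame number first) from matching.
KD_LINE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8})(?: (\S.*))?$")

def parse_kd(transcript):
    """Return {address: (dword, symbol_or_None)} for every kd line in the text."""
    memory = {}
    for line in transcript.splitlines():
        m = KD_LINE.match(line.strip())
        if m:
            memory[int(m.group(1), 16)] = (int(m.group(2), 16), m.group(3))
    return memory

def walk_ebp_chain(memory, ebp, max_frames=64):
    """Follow saved-ebp/return-address pairs from `ebp`, as `k` does without symbols.

    Returns [(child_ebp, ret_addr), ...].  Stops at a null link, at a link that
    does not move the stack upward (a loop or corrupted frame), or when the dump
    does not contain the next frame.
    """
    frames = []
    while ebp and len(frames) < max_frames:
        if ebp not in memory or ebp + 4 not in memory:
            break                            # dump ends here
        saved_ebp, ret = memory[ebp][0], memory[ebp + 4][0]
        frames.append((ebp, ret))
        if saved_ebp and saved_ebp <= ebp:
            break                            # chain must ascend; refuse to loop
        ebp = saved_ebp
    return frames

def chain_matches_frames(frames, dot_frame_lines):
    """Compare the walked chain with `.frame` lines like '00 00a3fc94 00f367ba ...'."""
    expected = [(int(p[1], 16), int(p[2], 16))
                for p in (line.split() for line in dot_frame_lines)]
    return frames == expected

if __name__ == "__main__":
    mem = parse_kd(TRANSCRIPT)
    for child_ebp, ret in walk_ebp_chain(mem, 0x00a3fc94):
        sym = mem[child_ebp + 4][1] or ""
        print("%08x %08x %s" % (child_ebp, ret, sym))
```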

ORA-01092: ORACLE instance terminated. Disconnection forced

I am trying to start an Oracle 11g database but it is failing with ORA-01092 and ORA-00600 errors:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Sep 11 15:21:30 2019
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup upgrade
ORACLE instance started.
Total System Global Area 430075904 bytes
Fixed Size 2176448 bytes
Variable Size 356518464 bytes
Database Buffers 67108864 bytes
Redo Buffers 4272128 bytes
Database mounted.
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [],
[], [], [], []
Process ID: 5044
Session ID: 1 Serial number: 5
SQL> conn
Enter user-name: delhipilot
Enter password:
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Process ID: 0
Session ID: 0 Serial number: 0
SQL>
How can I start my database properly?
Here is an example of patching the system rollback segment header to avoid errors ORA-600 [4193] and ORA-600 [4194] during startup. Note that in this example the segment header is located in file 1 block 9, while the example in note 452620.1 uses file 1 block 2 as the segment header.
parnassusdata can also provide the recovery service.
This is a partial block dump of the system rollback segment header, file 1 block 9:
TRN CTL:: seq: 0x003a chd: 0x0017 ctl: 0x0052 inc: 0x00000000 nfb: 0x0001
mgc: 0x8002 xts: 0x0068 flg: 0x0001 opt: 2147483646 (0x7ffffffe)
uba: 0x00400197.003a.02 scn: 0x0000.004fbbf0
Version: 0x01
FREE BLOCK POOL::
uba: 0x00400197.003a.02 ext: 0x4 spc: 0x1dd2
uba: 0x00000000.0037.05 ext: 0x1 spc: 0x1d6c
uba: 0x00000000.0035.37 ext: 0x5 spc: 0x538
uba: 0x00000000.0000.00 ext: 0x0 spc: 0x0
1. Generate the bbed executable:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk `pwd`/bbed
mv bbed $ORACLE_HOME/bin
2. Create file file.lis with the datafile where the system rollback segment header is stored:
file.lis has:
<relative file#> <datafile name> <size in bytes: v$datafile.bytes>
In our session file.lis contains:
1 /oradata/s102/system01.dbf 524288000
3. Create file bbed.par
bbed.par has:
MODE=EDIT
LISTFILE=<File name created in step2>
BLOCKSIZE=<db_block_size>
In our session bbed.par contains:
MODE=EDIT
LISTFILE=file.lis
BLOCKSIZE=8192
4. Run bbed. Use password blockedit:
$ bbed parfile=bbed.par
Password:
BBED: Release 2.0.0.0.0 - Limited Production on Thu Sep 27 10:06:25 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
************* !!! For Oracle Internal Use only !!! ***************
BBED>
5. Go to Block where the system rollback segment header is stored. In our example it is block 9:
BBED> set block 9
BLOCK# 9
6. Run map to see the C structures for the block and the DBA:
BBED> map
File: /oradata/s102/system01.dbf (1)
Block: 9 Dba:0x00400009
------------------------------------------------------------
Unlimited Undo Segment Header
struct kcbh, 20 bytes #0
struct ktech, 72 bytes #20
struct ktemh, 16 bytes #92
struct ktetb[6], 48 bytes #108
struct ktuxc, 104 bytes #4148
struct ktuxe[255], 10200 bytes #4252
ub4 tailchk #8188
Note that dba=0x00400009 is file 1 block 9, so we are positioned in the correct block.
7. Print the structure ktuxc:
BBED> print ktuxc
struct ktuxc, 104 bytes #4148
struct ktuxcscn, 8 bytes #4148
ub4 kscnbas #4148 0x004fbbf1
ub2 kscnwrp #4152 0x0000
struct ktuxcuba, 8 bytes #4156
ub4 kubadba #4156 0x00400197
ub2 kubaseq #4160 0x003a
ub1 kubarec #4162 0x03
sb2 ktuxcflg #4164 1 (KTUXCFSK)
ub2 ktuxcseq #4166 0x003a
sb2 ktuxcnfb #4168 1
ub4 ktuxcinc #4172 0x00000000
sb2 ktuxcchd #4176 6
sb2 ktuxcctl #4178 23
ub2 ktuxcmgc #4180 0x8002
ub4 ktuxcopt #4188 0x7ffffffe
struct ktuxcfbp[0], 12 bytes #4192
struct ktufbuba, 8 bytes #4192
ub4 kubadba #4192 0x00400197
ub2 kubaseq #4196 0x003a
ub1 kubarec #4198 0x0c
sb2 ktufbext #4200 4
sb2 ktufbspc #4202 5630
8. Modify ktuxc.ktuxcnfb to 0x0000:
BBED> set offset ktuxc.ktuxcnfb
OFFSET 4168
BBED> print
ktuxc.ktuxcnfb
--------------
sb2 ktuxcnfb #4168 1
BBED> modify 0x0000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 4168 to 4679 Dba:0x00400009
9. Modify ktuxc.ktuxcfbp[0].ktufbuba to 0x00000000:
BBED> set offset ktuxc.ktuxcfbp[0].ktufbuba
OFFSET 4192
BBED> print
ktuxc.ktuxcfbp[0].ktufbuba.kubadba
----------------------------------
ub4 kubadba #4192 0x00400197
BBED> modify 0x00000000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 4192 to 4703 Dba:0x00400009
BBED>
10. Disable the block checksum by changing kcbh.flg_kcbh (currently 0x04) to 0x00 and kcbh.chkval_kcbh to 0x0000:
BBED> map
File: /oradata/s102/system01.dbf (1)
Block: 9 Dba:0x00400009
------------------------------------------------------------
Unlimited Undo Segment Header
struct kcbh, 20 bytes #0
struct ktech, 72 bytes #20
struct ktemh, 16 bytes #92
struct ktetb[6], 48 bytes #108
struct ktuxc, 104 bytes #4148
struct ktuxe[255], 10200 bytes #4252
ub4 tailchk #8188
BBED> print kcbh
struct kcbh, 20 bytes #0
ub1 type_kcbh #0 0x0e
ub1 frmt_kcbh #1 0xa2
ub1 spare1_kcbh #2 0x00
ub1 spare2_kcbh #3 0x00
ub4 rdba_kcbh #4 0x00400009
ub4 bas_kcbh #8 0x005b3f76
ub2 wrp_kcbh #12 0x0000
ub1 seq_kcbh #14 0x01
ub1 flg_kcbh #15 0x04 (KCBHFCKV)
ub2 chkval_kcbh #16 0xe264
ub2 spare3_kcbh #18 0x0000
BBED> set offset kcbh.flg_kcbh
OFFSET 15
BBED> print
kcbh.flg_kcbh
-------------
ub1 flg_kcbh #15 0x04 (KCBHFCKV)
BBED> modify 0x00
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 15 to 526 Dba:0x00400009
BBED> set offset kcbh.chkval_kcbh
OFFSET 16
BBED> print
kcbh.chkval_kcbh
----------------
ub2 chkval_kcbh #16 0xe264
BBED> modify 0x0000
File: /oradata/s102/system01.dbf (1)
Block: 9 Offsets: 16 to 527 Dba:0x00400009
11. Verify that the block has no corruptions:
BBED> verify
DBVERIFY - Verification starting
FILE = /oradata/s102/system01.dbf
BLOCK = 9
DBVERIFY - Verification complete
Total Blocks Examined : 1
Total Blocks Processed (Data) : 0
Total Blocks Failing (Data) : 0
Total Blocks Processed (Index): 0
Total Blocks Failing (Index): 0
Total Blocks Empty : 0
Total Blocks Marked Corrupt : 0
Total Blocks Influx : 0
12. Exit, open the database and shrink the system rollback segment:
BBED> exit
[oracle#arem example]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.3.0 - Production on Thu Sep 27 10:28:00 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 167772160 bytes
Fixed Size 1260696 bytes
Variable Size 62915432 bytes
Database Buffers 100663296 bytes
Redo Buffers 2932736 bytes
Database mounted.
Database opened.
SQL> alter rollback segment system shrink;
Rollback segment altered.
SQL>
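The kcbh layout that bbed prints in step 10 is enough to decode a block header from raw bytes, which is how a forensic check of such a patch would be done outside bbed. The following is an added example, not part of the answer: it parses the 20-byte kcbh using the offsets and field names shown above, splits the rdba into file and block number, and applies the step-10 edit (clear KCBHFCKV, zero chkval_kcbh) to a copy. The sample block is constructed from the values the answer printed; little-endian byte order is taken from the `modify` echo on the page (64 e2 at offsets 16-17 for chkval 0xe264).

```python
"""Decode the Oracle cache block header (kcbh) that bbed prints, and apply the
step-10 edit (clear the checksum flag, zero chkval) to a copy.

Added example for this page, not part of the answer.  The 20-byte layout and
field names are the ones bbed's `print kcbh` shows; the sample bytes are
constructed from those printed values (rdba 0x00400009, flg 0x04, chkval 0xe264).
"""
import struct

KCBH_FORMAT = "<BBBBIIHBBHH"          # 20 bytes, little-endian, in bbed's field order
KCBH_FIELDS = ("type_kcbh", "frmt_kcbh", "spare1_kcbh", "spare2_kcbh",
               "rdba_kcbh", "bas_kcbh", "wrp_kcbh", "seq_kcbh", "flg_kcbh",
               "chkval_kcbh", "spare3_kcbh")
KCBHFCKV = 0x04                       # flg_kcbh bit: block carries a checksum
OFF_FLG = 15                          # offsets bbed printed for the two fields
OFF_CHKVAL = 16

def parse_kcbh(block):
    """Return the header fields of an Oracle block as a dict."""
    values = struct.unpack_from(KCBH_FORMAT, block, 0)
    return dict(zip(KCBH_FIELDS, values))

def dba_to_file_block(dba):
    """Split a data block address: high 10 bits relative file#, low 22 bits block#."""
    return dba >> 22, dba & 0x3FFFFF

def disable_block_checksum(block):
    """Step 10 of the answer on a copy: clear KCBHFCKV in flg_kcbh, zero chkval_kcbh."""
    edited = bytearray(block)
    edited[OFF_FLG] &= ~KCBHFCKV & 0xFF
    struct.pack_into("<H", edited, OFF_CHKVAL, 0)
    return bytes(edited)

def describe(block):
    """One-line summary in the terms the answer uses (file/block, scn, flag, chkval)."""
    h = parse_kcbh(block)
    f, b = dba_to_file_block(h["rdba_kcbh"])
    return "file %d block %d, scn 0x%04x.%08x, seq %d, checksum %s (chkval 0x%04x)" % (
        f, b, h["wrp_kcbh"], h["bas_kcbh"], h["seq_kcbh"],
        "on" if h["flg_kcbh"] & KCBHFCKV else "off", h["chkval_kcbh"])

# Constructed sample: the kcbh values bbed printed for file 1 block 9, padded to
# the 8192-byte block size from bbed.par.
SAMPLE_BLOCK = struct.pack(KCBH_FORMAT, 0x0e, 0xa2, 0, 0, 0x00400009, 0x005b3f76,
                           0x0000, 0x01, 0x04, 0xe264, 0x0000) + bytes(8192 - 20)

if __name__ == "__main__":
    print("before:", describe(SAMPLE_BLOCK))
    print("after: ", describe(disable_block_checksum(SAMPLE_BLOCK)))
```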

qemu: fatal: Trying to execute code outside RAM or ROM at 0xd08ec08e

I have a function written in C that reads a character from the keyboard and returns the pressed character.
kmain.c
#include <stdint.h>

char getch()
{
    uint16_t inchar;
    __asm__ __volatile__ ("int $0x16\n\t"
                          : "=a"(inchar)
                          : "0"(0x0));
    return ((char)inchar);
}

void println(char *str)
{
    while (*str)
    {
        // AH=0x0e, AL=char to print, BH=page, BL=fg color
        __asm__ __volatile__ ("int $0x10"
                              :
                              : "a" ((0x0e<<8) | *str++),
                                "b" (0x0000));
    }
}

void kernelmain()
{
    println("Println called from C code");
    char c;
    c = getch();
    println(c);
}
boot.asm
extern println
extern kernelmain
global start
bits 16
section .text
start:
    xor ax, ax
    mov ds, ax
    mov es, ax
    mov ss, ax
    mov esp, 0x7C00
    jmp 0x0000:setcs
setcs:
    cld
    push dword msg1
    call dword println
    ; If you use call instead of jmp, it's going to throw a nice error :)
    jmp kernelmain
    cli
    hlt ; halt the processor
section .data
msg1 db 'Println called from NASM code', 0x0A, 0x0D, 0
But when I want to print the obtained key, it throws this useless error:
qemu: fatal: Trying to execute code outside RAM or ROM at 0xd08ec08e
EAX=00002d78 EBX=00000000 ECX=00000000 EDX=00000000
ESI=00000000 EDI=00000000 EBP=d88ec031 ESP=00007c08
EIP=d08ec08e EFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =0000 00000000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 000f6c00 00000037
IDT= 00000000 000003ff
CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
DR6=ffff0ff0 DR7=00000400
CCS=00000004 CCD=0000fe9c CCO=EFLAGS
EFER=0000000000000000
Aborted (core dumped)
To compile kernel.bin:
gcc -fno-PIC -ffreestanding -m16 -c kmain.c -o kmain.o
nasm -f elf32 boot.asm -o boot.o
ld -melf_i386 -T link.ld kmain.o boot.o -o kernel.elf
objcopy -O binary kernel.elf kernel.bin
qemu-system-i386 -fda kernel.bin
I found questions with this same error, but they didn't help me. Also, I know it would be better to compile this with OpenWatcom, but it's too complicated.

Outlook crashes when reading mail

We have an Outlook add-in installed, and while opening some HTML emails, Outlook crashes. If we remove the add-in, the emails open properly without Outlook crashing.
The add-in isn't supposed to do anything while opening emails. We can't figure out why Outlook is crashing because of our add-in.
We have also disabled hardware-accelerated rendering.
We analysed the crash dump, and what we got in the debug log is pasted below:
FAULTING_IP:
GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+43
4ec5ed94 8907 mov dword ptr [edi],eax
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 4ec5ed94 (GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+0x00000043)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: a915a784
Attempt to write to address a915a784
DEFAULT_BUCKET_ID: INVALID_POINTER_READ
PROCESS_NAME: OUTLOOK.EXE
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: a915a784
WRITE_ADDRESS: a915a784
FOLLOWUP_IP:
GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+43
4ec5ed94 8907 mov dword ptr [edi],eax
NTGLOBALFLAG: 0
MANAGED_STACK: !dumpstack -EE
!dumpstack -EE
No export dumpstack found
FAULTING_THREAD: 00001508
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_INVALID_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 4ec5f3a3 to 4ec5ed94
STACK_TEXT:
0013a61c 4ec5f3a3 0000000e 13965ec0 a915a784 GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+0x43
0013a638 4ed2aaa2 a915a784 13965ec0 0000000e GdiPlus!EpAlphaBlender::Blend+0x57
0013a690 4ed2ac57 00002000 13965ea8 139663a8 GdiPlus!EpScanGdiDci::DrawScanRecords_Dci+0x1de
0013a6e0 4ecc9c24 00000001 13965ea8 139663a8 GdiPlus!EpScanGdiDci::ProcessBatch_Dci+0x182
0013a704 4ec66d7b 0013a7b8 0013a870 4ec5f2c0 GdiPlus!EpScanGdiDci::EmptyBatch+0xaa
0013a710 4ec5f2c0 0000000e 00000000 4ec619ab GdiPlus!EpScanGdiDci::End+0x1e
0013a71c 4ec619ab 130027f8 13002850 130028d0 GdiPlus!EpScanBufferNative<unsigned long>::~EpScanBufferNative<unsigned long>+0x18
0013a870 4ec9d872 13975eb8 0013a994 130033c8 GdiPlus!DpDriver::DrawImage+0x1ba
0013a8e4 4ec61459 13956260 0013a994 13003548 GdiPlus!DriverMulti::DrawImage+0x78
0013ad40 4ec60d39 0013adb8 13965310 00000003 GdiPlus!GpGraphics::DrvDrawImage+0x2351
0013adf4 4ec609d7 00000000 130021a4 00000000 GdiPlus!GpGraphics::DrawImage+0x215
0013ae60 3d00769f 13956208 13965310 43470000 GdiPlus!GdipDrawImageRectRect+0x1b3
0013aea0 3d0075f3 00000000 00000000 41600000 mshtml!Gdiplus::Graphics::DrawImage+0x62
0013af20 3d123052 0013b0a8 00000000 00e8236d mshtml!XHDC::DrawImage+0x503
0013af80 3d2288bb 0013b0a8 0013b004 0013afe4 mshtml!CImgBitsDIB::StretchBlt+0x2ca
0013b028 3d1607e3 00000640 0013b0a8 1db7d978 mshtml!DrawPlaceHolder+0x33e
0013b0b8 3cf6d4ed 1d99ffd8 0013f658 0013f658 mshtml!CImgHelper::Draw+0x23f
0013b0d0 3cf9b516 0013f658 133f00d0 1d88da2c mshtml!CImgElementLayout::Draw+0x1a
0013b10c 3cf9b461 0013b1a0 0013b164 137215c0 mshtml!CLayout::DrawClient+0x62
0013b4c4 3cf98edf 137e1f88 00000000 00000007 mshtml!CDispLeafNode::DrawSelf+0x432
0013b610 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013b638 3cf9958e 137e1f88 0013b808 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013b7fc 3cf98edf 137e1f88 1d98a220 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013b948 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013b970 3cf9958e 137e1f88 0013bb40 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013bb34 3cf98edf 137e1f88 1d8fb008 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013bc80 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013bca8 3cf9958e 137e1f88 0013be78 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013be6c 3cf98edf 137e1f88 1d8fafd0 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013bfb8 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013bfe0 3cf9958e 137e1f88 0013c1b0 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013c1a4 3cf98edf 137e1f88 1d8fed68 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013c2f0 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013c318 3cf9958e 137e1f88 0013c4e8 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013c4dc 3cf98edf 137e1f88 1db6fc7c 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013c628 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013c650 3cf9958e 137e1f88 0013c820 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013c814 3cf98edf 137e1f88 1d889588 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013c960 3cf995fe 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013c988 3cf9958e 137e1f88 0013cb58 00000000 mshtml!CDispContainer::DrawChildren+0x56
0013cb4c 3cf98edf 137e1f88 137ea79c 00000007 mshtml!CDispContainer::DrawSelf+0x28a
0013cc98 3cf9c490 00000000 137e1f88 00000000 mshtml!CDispNode::Draw+0x217
0013cd48 3ceb0ed7 1d831158 137e1f88 00000000 mshtml!CDispRoot::DrawEntire+0x88
0013f53c 3cf98d12 137215c0 137e1f88 0013f658 mshtml!CDispRoot::DrawRoot+0x319
0013f5ec 3cf9807e 137c3ec8 0013f658 ba0415b1 mshtml!CView::RenderView+0x3b6
0013faa0 3cf7ed29 0000000f 00000000 137c3cd8 mshtml!CDoc::OnPaint+0x5c7
0013fad4 3cfa9457 137c3cd8 0000000f 00000000 mshtml!CServer::OnWindowMessage+0x38f
0013fbfc 3cfa9331 137c3cd8 0000000f 00000000 mshtml!CDoc::OnWindowMessage+0x16c
0013fc28 7e418734 001304b8 0000000f 00000000 mshtml!CServer::WndProc+0x78
0013fc54 7e418816 3cfa92e5 001304b8 0000000f user32!InternalCallWinProc+0x28
0013fcbc 7e42a013 00000000 3cfa92e5 001304b8 user32!UserCallWinProcCheckWow+0x150
0013fcec 7e42a039 ffff0673 001304b8 0000000f user32!CallWindowProcAorW+0x98
0013fd0c 3026f4d5 ffff0673 001304b8 0000000f user32!CallWindowProcW+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
0013fd34 7e418734 001304b8 0000000f 00000000 OUTLLIB!FAllowStoreToSend+0x264ff
0013fd60 7e418816 3026f476 001304b8 0000000f user32!InternalCallWinProc+0x28
0013fdc8 7e428ea0 00000000 3026f476 001304b8 user32!UserCallWinProcCheckWow+0x150
0013fe1c 7e428eec 006697a8 0000000f 00000000 user32!DispatchClientMessage+0xa3
0013fe44 7c90e473 0013fe54 00000018 006697a8 user32!__fnDWORD+0x24
0013fe68 7e4194d2 7e428f10 0013fee4 00000000 ntdll!KiUserCallbackDispatcher+0x13
0013feb0 7e418a10 0013fee4 00000000 0013ff04 user32!NtUserDispatchMessage+0xc
0013fec0 30d157fe 0013fee4 0013fee4 300592a7 user32!DispatchMessageW+0xf
0013ff04 3000139e 00000000 00000000 00000000 MSO!Ordinal326+0x21
0013ffc0 7c817077 00380039 00350039 7ffdf000 OUTLOOK+0x139e
0013fff0 00000000 30001084 00000000 00000000 kernel32!BaseProcessStart+0x23
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+43
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GdiPlus
IMAGE_NAME: GdiPlus.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a841b37
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_GdiPlus.dll!ScanOperation::Blend_sRGB_sRGB_MMX
BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_INVALID_POINTER_WRITE_GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+43
Followup: MachineOwner
I appreciate any help on this issue.
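Both `!analyze -v` reports on this page (this Outlook crash and the AppName hang above) share the same STACK_TEXT frame format and the same "Stack unwind information not available" line, after which the debugger's frames are guesses. The script below, an added example and not code from either question, parses such a STACK_TEXT into frames, marks frames past the warning as unreliable, and finds the first frame outside a set of OS modules, which is where an add-in or application frame first appears. The sample is an abridged, constructed copy of the Outlook report's lines; the set of modules treated as "OS" is an assumption for the demo, not something the dumps state.

```python
"""Parse the STACK_TEXT of a WinDbg `!analyze -v` report and triage it: which
module each frame is in, where the unwinder stopped trusting frames, and the
first frame outside a set of OS modules (a candidate application/add-in frame).

Added example, not from either question on this page.  The sample is
constructed from a few of the Outlook report's lines; OS_MODULES is an assumed
trusted set for the demo, which in real triage would come from `lm`.
"""
import re

# Constructed from the Outlook report's STACK_TEXT (abridged).
SAMPLE_STACK_TEXT = """\
0013a61c 4ec5f3a3 0000000e 13965ec0 a915a784 GdiPlus!ScanOperation::Blend_sRGB_sRGB_MMX+0x43
0013a638 4ed2aaa2 a915a784 13965ec0 0000000e GdiPlus!EpAlphaBlender::Blend+0x57
0013ae60 3d00769f 13956208 13965310 43470000 GdiPlus!GdipDrawImageRectRect+0x1b3
0013aea0 3d0075f3 00000000 00000000 41600000 mshtml!Gdiplus::Graphics::DrawImage+0x62
0013fd0c 3026f4d5 ffff0673 001304b8 0000000f user32!CallWindowProcW+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
0013fd34 7e418734 001304b8 0000000f 00000000 OUTLLIB!FAllowStoreToSend+0x264ff
0013fd60 7e418816 3026f476 001304b8 0000000f user32!InternalCallWinProc+0x28
0013ff04 3000139e 00000000 00000000 00000000 MSO!Ordinal326+0x21
0013ffc0 7c817077 00380039 00350039 7ffdf000 OUTLOOK+0x139e
0013fff0 00000000 30001084 00000000 00000000 kernel32!BaseProcessStart+0x23
"""

# ChildEBP RetAddr Args-to-Child(3) module!symbol+offset  (or module+offset)
FRAME_RE = re.compile(
    r"^(?P<child_ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) "
    r"(?P<args>(?:[0-9a-f]{8} ){3})(?P<symbol>\S+)$")
UNWIND_WARNING = "Stack unwind information not available"

def parse_stack_text(text):
    """Return a list of frame dicts in stack order (innermost first)."""
    frames, reliable = [], True
    for line in text.splitlines():
        line = line.strip()
        if UNWIND_WARNING in line:
            reliable = False            # everything below this line is a guess
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        symbol = m.group("symbol")
        # "module!func+off" when symbols loaded, "module+off" when they are not.
        module = symbol.split("!", 1)[0] if "!" in symbol else symbol.split("+", 1)[0]
        frames.append({
            "child_ebp": int(m.group("child_ebp"), 16),
            "ret": int(m.group("ret"), 16),
            "args": [int(a, 16) for a in m.group("args").split()],
            "symbol": symbol,
            "module": module,
            "has_symbols": "!" in symbol,
            "reliable": reliable,
        })
    return frames

def module_summary(frames):
    """Count frames per module, in first-seen order."""
    counts = {}
    for f in frames:
        counts[f["module"]] = counts.get(f["module"], 0) + 1
    return counts

def first_frame_outside(frames, trusted_modules):
    """First frame whose module is not in the trusted set, or None.

    Symbol-less frames (module+offset only) are reported like any other: an
    add-in without symbols shows up exactly that way.
    """
    trusted = {m.lower() for m in trusted_modules}
    for f in frames:
        if f["module"].lower() not in trusted:
            return f
    return None

# Assumed trusted set for the demo (OS and rendering libraries seen in the dump).
OS_MODULES = {"GdiPlus", "mshtml", "user32", "kernel32", "ntdll"}

if __name__ == "__main__":
    frames = parse_stack_text(SAMPLE_STACK_TEXT)
    for f in frames:
        print("%s %-8s %s" % ("ok" if f["reliable"] else "??", f["module"], f["symbol"]))
    print(module_summary(frames))
    hit = first_frame_outside(frames, OS_MODULES)
    print("first non-OS frame:", hit["symbol"] if hit else None,
          "(reliable)" if hit and hit["reliable"] else "(below unwind warning)")
```

On this report the first application frame, OUTLLIB!FAllowStoreToSend+0x264ff, sits below the unwind warning, so its symbol is not to be trusted; the reliable part of the stack is entirely GdiPlus/mshtml/user32 rendering.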
