Module: RadASM (RadASM version 2.0.4.3)
Windows XP Service Pack 1
CPU: GenuineIntel Pentium 4 ~2.4GHz with MMX, SSE, SSE2
Physical memory: 1024 MB
Exception code: C0000005h (ACCESS_VIOLATION)

eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00200000h edi=001766CCh
ebp=0012F314h esp=0012F30Ch eip=00401239h

CS=001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0
Flags: IF
Flags: IF
F001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0000h

Stack:
00452B1A 001FFFDD 0012F33C 00401327
0000004D 00000000 001FFFDD 00000002
00453666 00000F0A 001FF010 00000198
0012F454 004031B6 0000004D 00000000

---------------------------
last steps i remember:
i was editing the following line:

call SystemParametersInfo, SPI_GETWORKAREA, edi,

when i pressed last , tooltip appeared showing arguments names for this function. i noticed that they're named differently than those in the SDK, so i opened radasm asm folder and edited appropriate line in tasmApiCall.api (using notepad). i closed the notepad (saved changes), switched back to radasm, and pressed ALT+F4. radasm normally asked to write the changes in my project files. i pressed SPACE for each file (SPACE pressed the "yes" button). after saving last file radasm crashed with what you can see above. all files were saved properly before the crash (i checked them).
Posted on 2004-08-11 00:23:57 by ti_mo_n
Thanks for bug report.

Did you download the latest bugfix (2.0.4.3 Bugfix E)?
Maybe also check that the version of RAEdit is 1.0.5.7

KetilO
Posted on 2004-08-11 02:44:13 by KetilO
Hi KetilO,

Exception code: C0000005h (ACCESS_VIOLATION)
eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00200000h edi=001766CCh
ebp=0012F314h esp=0012F30Ch eip=00401239h

CS=001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0
Flags: IF
Flags: IF
F001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0000h

Stack:
00452B1A 001FFFDD 0012F33C 00401327
0000004D 00000000 001FFFDD 00000002
00453666 00000F0A 001FF010 00000198
0012F454 004031B6 0000004D 00000000


How to know where is the bug or what's wrong in the program when someone sends you the above information? Somebody sent me the info like above about the C--IDE, I don't know how to use this info.
Thanks
Posted on 2004-08-11 08:48:57 by QS_Ong

Did you download the latest bugfix (2.0.4.3 Bugfix E)?
Maybe also check that the version of RAEdit is 1.0.5.7


1) no, i downloaded radasm on Aug 6th 2004 (i see that bugfix is available since Aug 08)
2) raedit is 1.0.5.7 (54_272 bytes)

if you need any other info like project options etc. (the things i dont change frequently) just tell me :)

Originally posted by QS_Ong
How to know where is the bug or what's wrong in the program when someone sends you the above information? Somebody sent me the info like above about the C--IDE, I don't know how to use this info.
Thanks


well if you wrote something yourself, then you should know which function raised an exception. as for me - the most useful thing is EIP which shows me where the app crashed, register state, and the stack (which may show last parameters, or other stored info). i usually check if things are calculated properly up to this 'crash point', by trying to guess HOW the registers got the values they have now, and HOW stack is as it is :) the last useful info is memory dump from data sections, but unfortunately i didn't have one. as you can see there is also info about windows version, CPU, and physical memory, so the author can determine if it was windows-related bug rather than his/her own procedure.

...at least that's what I get from such infos :P
Posted on 2004-08-11 09:14:29 by ti_mo_n
another crash :P

Module name: RadASM (RadASM version 2.0.4.3)
Windows XP Service Pack. 1
Exception code: C0000005h (ACCESS_VIOLATION)
Instruction pointer: 00401239h

eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00204000h edi=001766CCh
ebp=0012EFC4h esp=0012EFBCh eip=00401239h

CS=001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0Flags: IF
Flags: IF
F001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0000h

Stack:
00452B1A 00203FDD 0012EFEC 00401327
0000004D 00000000 00203FDD 00000002
00453666 00000F0A 00203010 00000084
0012F104 004031B6 0000004D 00000000

almost identical to the one above :P

last steps:
i was editing "LINK" parameters, after "APPLY" radasm asked to restart the project. this time all files were saved, so it didnt ask to save. right after i pressed "yes" - stating that i want to reopen the project -- it crashed :P
Posted on 2004-08-11 13:31:19 by ti_mo_n
oh - i forgot to tell - this time i'm using LATEST radasm (downloaded today - aug 11th, 2004) :)
Posted on 2004-08-11 13:33:30 by ti_mo_n
Hi

The bug happens when RadASM is building its wordlist. Most likely it is project dependent.



AddWordToWordList proc uses esi edi,nType:DWORD,nOwner:DWORD,lpszStr:DWORD,nParts:DWORD

    mov     eax,rpWordListPos
    add     eax,16384
    mov     edi,WordListSize
    .if eax>edi
        add     edi,WRDMEM
        invoke GlobalAlloc,GMEM_MOVEABLE or GMEM_ZEROINIT,edi
        push    eax
        invoke GlobalLock,eax
        push    eax
        push    edi
        mov     esi,lpWordList
        mov     edi,eax
        mov     ecx,WordListSize
        shr     ecx,2
        rep movsd
        pop     edi
        invoke GlobalUnlock,hWordList
        invoke GlobalFree,hWordList
        pop     eax
        mov     lpWordList,eax
        pop     eax
        mov     hWordList,eax
        mov     WordListSize,edi
    .endif
    mov     edi,lpWordList
    add     edi,rpWordListPos
    xor     ecx,ecx
    mov     esi,lpszStr
    .if esi
        mov     edx,nParts
        .while edx
            mov     al,[esi]                ; (401239h)
            .if al==0Dh || al==0Ah
                dec     esi
                xor     al,al
            .elseif al==':' && nType=='S'
                mov     al,VK_TAB
            .endif
            mov     [edi+ecx+sizeof PROPERTIES],al
            .if !al
                dec     edx
            .endif
            inc     esi
            inc     ecx
        .endw
        mov     eax,nOwner
        mov     [edi].PROPERTIES.Owner,eax
        mov     eax,nType
        mov     [edi].PROPERTIES.nType,al
        mov     [edi].PROPERTIES.nSize,ecx
        lea     edi,[edi+ecx+sizeof PROPERTIES]
        mov     [edi].PROPERTIES.nSize,0
        sub     edi,lpWordList
        mov     rpWordListPos,edi
        dec     ecx
    .endif
    mov     eax,ecx
    ret

AddWordToWordList endp


Installing OllyDbg as a JIT debugger and disabling RadASM's exception handler (FlipCase addin) will help tracking the bug.

KetilO
Posted on 2004-08-12 04:11:18 by KetilO
Hi KetilO,
Bugfix E crashes also when attempting to open a file already opened or something like that. I will try to reproduce the bug.

Is it possible to have a question asking whether you want the exceptions copied to clipboard or not?
(Last time I've lost clipboard data when an exception occurred)

Thanks
Posted on 2004-08-12 07:42:47 by pelaillo
Hi QS_Ong,

As you can see,
<quote>
Exception code: C0000005h (ACCESS_VIOLATION)
eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00200000h edi=001766CCh
ebp=0012F314h esp=0012F30Ch eip=00401239h

CS=001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0
Flags: IF
Flags: IF
F001Bh DS=0023h SS=0023h
ES=0023h FS=0038h GS=0000h

Stack:
00452B1A 001FFFDD 0012F33C 00401327
0000004D 00000000 001FFFDD 00000002
00453666 00000F0A 001FF010 00000198
0012F454 004031B6 0000004D 00000000
</quote>

You need to debug the same executable with a debugger(say Olly).

Where will you go?;

Instruction pointer: 00401239h <- where the code crashes

what happened?;

ACCESS_VIOLATION (most likely tried to write to a memory part which is not initialized yet. Means address has lots of ??????????)

What is the status of registers etc:?

:) you have full of info. All registers, variables on stack etc.

Now think, what reported and what must be and WHY?

then try to fix it. Not so easy especially if it works well for you and/or u dont have same PC equipment and/or software. Pain in a..

Good Luck
Posted on 2004-08-12 16:41:09 by cakmak
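Added example (not part of any post in this thread, and not RadASM code): a Python sketch of the triage steps described above, applied to the two reports with eip=00401239h and to the `mov al,[esi]` loop in the AddWordToWordList listing. It assumes 4 KB pages and that `esi` and `ecx` advanced together in the loop; reading a page-aligned fault address as a scan that ran past the end of mapped memory is an interpretation, not a diagnosis given in the thread.

```python
import re

PAGE = 0x1000  # assumed x86 page size (4 KB)

# Registers and first stack row copied from the two reports posted in this thread.
REPORTS = {
    "first": """eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00200000h edi=001766CCh
ebp=0012F314h esp=0012F30Ch eip=00401239h
Stack:
00452B1A 001FFFDD 0012F33C 00401327""",
    "second": """eax=0001C543h ebx=00000000h ecx=00000023h
edx=00000001h esi=00204000h edi=001766CCh
ebp=0012EFC4h esp=0012EFBCh eip=00401239h
Stack:
00452B1A 00203FDD 0012EFEC 00401327""",
}

def parse(report):
    """Return (register dict, list of stack dwords) from a report excerpt."""
    head, _, tail = report.partition("Stack:")
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-z]{2})=([0-9A-F]{8})h", head)}
    stack = [int(word, 16) for word in re.findall(r"\b[0-9A-F]{8}\b", tail)]
    return regs, stack

def triage(report):
    """Relate the faulting read `mov al,[esi]` to the loop state in the dump."""
    regs, stack = parse(report)
    # The loop does `inc esi` / `inc ecx` once per byte, so esi - ecx is the
    # source pointer it started from (exact only if no CR/LF byte was hit,
    # because that branch does `dec esi` first).
    start = regs["esi"] - regs["ecx"]
    return {
        "fault_addr": regs["esi"],
        "page_aligned": regs["esi"] % PAGE == 0,  # read stepped onto a new page
        "source_start": start,
        "start_on_stack": start in stack,         # candidate lpszStr argument
        "bytes_copied": regs["ecx"],
        "terminators_left": regs["edx"],          # nParts countdown still pending
    }

if __name__ == "__main__":
    for name, text in REPORTS.items():
        print(name, {k: hex(v) if isinstance(v, int) and not isinstance(v, bool) else v
                     for k, v in triage(text).items()})
```

In both reports the computed start pointer appears on the stack, the loop still expects one more terminator (`edx=1`), and the faulting read sits exactly on a page boundary, which is what an unbounded scan for a NUL byte looks like when the source buffer is not terminated.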
another crash occurred while i was creating new project (exactly when i clicked "finish"), but i lost the clipboard data :/ i think it should be saved in some log file

the only things i remember are that it was C0000005, and it was somewhere else than my last 2 crashes (address ended with '7' ).
Posted on 2004-08-12 18:22:00 by ti_mo_n
another crash.

from what i see - the only thing which connects these crashes is that they occur while i restart/close the project/radasm

i attached full debug info (got it using ollydbg)
Posted on 2004-08-12 19:16:45 by ti_mo_n
Hi

Sorry, did not help much. What I need is your ini files and your project. If your project is not something you will share, then you can e-mail it to me.

KetilO
Posted on 2004-08-13 02:38:08 by KetilO
.ini and .api files (from radasm asm folder)

these are the only ones i changed

if this won't help - i'll try to prepare my project for unclassifying :P
Posted on 2004-08-13 11:53:27 by ti_mo_n
Hi

There is something wrong with your files (ini or api).
Try replacing them one by one until problem disappears.

KetilO
Posted on 2004-08-14 08:24:35 by KetilO