WinDBG查找C++句柄泄露

徐锦洪  金牌会员 | 2025-1-25 08:45:32 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 973|帖子 973|积分 2919

C++代码(频仍点击About按钮导致Mutex句柄泄露)
  1. HANDLE _mutexHandle;
  3. LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
  4. {
  5.     switch (message)
  6.     {
  7.     case WM_COMMAND:
  8.         {
  9.             int wmId = LOWORD(wParam);
  10.             // 分析菜单选择:
  11.             switch (wmId)
  12.             {
  13.             case IDM_ABOUT:
  14.                 _mutexHandle = CreateMutex(NULL, FALSE, L"abc");
  15.                 DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
  16.                 break;
  17.             case IDM_EXIT:
  18.                 DestroyWindow(hWnd);
  19.                 break;
  20.             default:
  21.                 return DefWindowProc(hWnd, message, wParam, lParam);
  22.             }
  23.         }
  24.         break;
  25.     case WM_PAINT:
  26.         {
  27.             PAINTSTRUCT ps;
  28.             HDC hdc = BeginPaint(hWnd, &ps);
  29.             // TODO: 在此处添加使用 hdc 的任何绘图代码...
  30.             EndPaint(hWnd, &ps);
  31.         }
  32.         break;
  33.     case WM_DESTROY:
  34.         PostQuitMessage(0);
  35.         break;
  36.     default:
  37.         return DefWindowProc(hWnd, message, wParam, lParam);
  38.     }
  39.     return 0;
  40. }
复制代码
编译后生成exe程序,设置WinDBG的源码目录和pdb目录:
File-->Settings-->

 File-->Start debugging
选择目标exe文件启动进程,点击左上角Go按钮,让ui显式,点击Break按钮让进程暂停,在WinDBG的下令行输入:
!htrace -enable
!htrace -snapshot
点击WinDBG左上角的Go按钮继续实行,点击UI上的按钮造成泄露;
点击WinDBG左上角的Break按钮进入调试模式;
在下令行输入:
!htrace 或 !htrace -diff,查看句柄泄露信息:
  1. 0:006> !htrace -diff
  2. Handle tracing information snapshot successfully taken.
  3. 0x1a new stack traces since the previous snapshot.
  4. Ignoring handles that were already closed...
  5. Outstanding handles opened since the previous snapshot:
  6. --------------------------------------
  7. Handle = 0x00000000000002c0 - OPEN
  8. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  10. 0x00007ffac544eb64: ntdll!NtCreateMutant+0x0000000000000014
  11. 0x00007ffac2d38fa8: KERNELBASE!CreateMutexExW+0x0000000000000058
  12. 0x00007ff6436c6f00: CPPWindowsProject1!WndProc+0x00000000000000d0
  13. 0x00007ffac50cef5c: USER32!UserCallWinProcCheckWow+0x000000000000050c
  14. 0x00007ffac50ce684: USER32!DispatchMessageWorker+0x0000000000000494
  15. 0x00007ff6436c1d57: CPPWindowsProject1!wWinMain+0x0000000000000117
  16. 0x00007ff6436c2c62: CPPWindowsProject1!invoke_main+0x0000000000000032
  17. 0x00007ff6436c2b12: CPPWindowsProject1!__scrt_common_main_seh+0x0000000000000132
  18. 0x00007ff6436c29ce: CPPWindowsProject1!__scrt_common_main+0x000000000000000e
  19. 0x00007ff6436c2cfe: CPPWindowsProject1!wWinMainCRTStartup+0x000000000000000e
  20. 0x00007ffac37e7374: KERNEL32!BaseThreadInitThunk+0x0000000000000014
  21. 0x00007ffac53fcc91: ntdll!RtlUserThreadStart+0x0000000000000021
  22. --------------------------------------
  23. Handle = 0x00000000000002bc - OPEN
  24. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  26. 0x00007ffac544eb64: ntdll!NtCreateMutant+0x0000000000000014
  27. 0x00007ffac2d38fa8: KERNELBASE!CreateMutexExW+0x0000000000000058
  28. 0x00007ff6436c6f00: CPPWindowsProject1!WndProc+0x00000000000000d0
  29. 0x00007ffac50cef5c: USER32!UserCallWinProcCheckWow+0x000000000000050c
  30. 0x00007ffac50ce684: USER32!DispatchMessageWorker+0x0000000000000494
  31. 0x00007ff6436c1d57: CPPWindowsProject1!wWinMain+0x0000000000000117
  32. 0x00007ff6436c2c62: CPPWindowsProject1!invoke_main+0x0000000000000032
  33. 0x00007ff6436c2b12: CPPWindowsProject1!__scrt_common_main_seh+0x0000000000000132
  34. 0x00007ff6436c29ce: CPPWindowsProject1!__scrt_common_main+0x000000000000000e
  35. 0x00007ff6436c2cfe: CPPWindowsProject1!wWinMainCRTStartup+0x000000000000000e
  36. 0x00007ffac37e7374: KERNEL32!BaseThreadInitThunk+0x0000000000000014
  37. 0x00007ffac53fcc91: ntdll!RtlUserThreadStart+0x0000000000000021
  38. --------------------------------------
  39. Handle = 0x00000000000002b8 - OPEN
  40. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  42. 0x00007ffac5450d84: ntdll!NtTraceControl+0x0000000000000014
  43. 0x00007ffac53f2f86: ntdll!EtwpRegisterProvider+0x00000000000000ba
  44. 0x00007ffac53f30e5: ntdll!EtwNotificationRegister+0x00000000000000a5
  45. 0x00007ffac53f2ea0: ntdll!EtwEventRegister+0x0000000000000020
  46. 0x00007ffac36ec5ef: MSCTF!TraceLoggingRegisterEx_EventRegister_EventSetInformation+0x0000000000000053
  47. 0x00007ffac36ec579: MSCTF!wil::TraceLoggingProvider::Register+0x0000000000000019
  48. 0x00007ffac36e46b4: MSCTF!wil::details::static_lazy<CtfTraceLoggingTelemetry>::get+0x0000000000000094
  49. 0x00007ffac36e460c: MSCTF!CtfTraceLoggingTelemetry::IsEnabled+0x0000000000000010
  50. 0x00007ffac36e42ac: MSCTF!CtfTraceLoggingTelemetry::InputSessionStarted<unsigned short (&)[41],unsigned long &,_GUID &,_GUID &,unsigned short &,bool &,unsigned long &,unsigned long &,unsigned long &,bool &,unsigned long,bool &>+0x0000000000000034
  51. 0x00007ffac36e40b8: MSCTF!CInputSessionMgr::UpdateInputSession+0x0000000000000338
  52. 0x00007ffac36f378b: MSCTF!SYSTHREAD::RouteKeyToInputService+0x0000000000000103
  53. 0x00007ffac36f33f1: MSCTF!SYSTHREAD::OnKeyboardEvent+0x00000000000000d1
  54. --------------------------------------
  55. Handle = 0x00000000000002b4 - OPEN
  56. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  58. 0x00007ffac5450d84: ntdll!NtTraceControl+0x0000000000000014
  59. 0x00007ffac53f2f86: ntdll!EtwpRegisterProvider+0x00000000000000ba
  60. 0x00007ffac53f30e5: ntdll!EtwNotificationRegister+0x00000000000000a5
  61. 0x00007ffac53f2ea0: ntdll!EtwEventRegister+0x0000000000000020
  62. 0x00007ffac46f261f: ole32!InitializeTracing+0x000000000000016f
  63. 0x00007ffac4709727: ole32!DllMain+0x0000000000000033
  64. 0x00007ffac470650f: ole32!dllmain_dispatch+0x000000000000008f
  65. 0x00007ffac53c9a1d: ntdll!LdrpCallInitRoutine+0x0000000000000061
  66. 0x00007ffac541d2f7: ntdll!LdrpInitializeNode+0x00000000000001d3
  67. 0x00007ffac541d08a: ntdll!LdrpInitializeGraphRecurse+0x0000000000000042
  68. 0x00007ffac53ed947: ntdll!LdrpPrepareModuleForExecution+0x00000000000000bf
  69. 0x00007ffac53cfbae: ntdll!LdrpLoadDllInternal+0x000000000000019a
  70. --------------------------------------
  71. Handle = 0x00000000000002b0 - OPEN
  72. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  74. 0x00007ffac5450d84: ntdll!NtTraceControl+0x0000000000000014
  75. 0x00007ffac53f2f86: ntdll!EtwpRegisterProvider+0x00000000000000ba
  76. 0x00007ffac53f30e5: ntdll!EtwNotificationRegister+0x00000000000000a5
  77. 0x00007ffac53f2ea0: ntdll!EtwEventRegister+0x0000000000000020
  78. 0x00007ffac46f25b3: ole32!InitializeTracing+0x0000000000000103
  79. 0x00007ffac4709727: ole32!DllMain+0x0000000000000033
  80. 0x00007ffac470650f: ole32!dllmain_dispatch+0x000000000000008f
  81. 0x00007ffac53c9a1d: ntdll!LdrpCallInitRoutine+0x0000000000000061
  82. 0x00007ffac541d2f7: ntdll!LdrpInitializeNode+0x00000000000001d3
  83. 0x00007ffac541d08a: ntdll!LdrpInitializeGraphRecurse+0x0000000000000042
  84. 0x00007ffac53ed947: ntdll!LdrpPrepareModuleForExecution+0x00000000000000bf
  85. 0x00007ffac53cfbae: ntdll!LdrpLoadDllInternal+0x000000000000019a
  86. --------------------------------------
  87. Handle = 0x00000000000002ac - OPEN
  88. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  90. 0x00007ffac5450d84: ntdll!NtTraceControl+0x0000000000000014
  91. 0x00007ffac53f2f86: ntdll!EtwpRegisterProvider+0x00000000000000ba
  92. 0x00007ffac53f30e5: ntdll!EtwNotificationRegister+0x00000000000000a5
  93. 0x00007ffac53f2aaa: ntdll!EtwRegisterTraceGuidsW+0x000000000000009a
  94. 0x00007ffac46f2564: ole32!InitializeTracing+0x00000000000000b4
  95. 0x00007ffac4709727: ole32!DllMain+0x0000000000000033
  96. 0x00007ffac470650f: ole32!dllmain_dispatch+0x000000000000008f
  97. 0x00007ffac53c9a1d: ntdll!LdrpCallInitRoutine+0x0000000000000061
  98. 0x00007ffac541d2f7: ntdll!LdrpInitializeNode+0x00000000000001d3
  99. 0x00007ffac541d08a: ntdll!LdrpInitializeGraphRecurse+0x0000000000000042
  100. 0x00007ffac53ed947: ntdll!LdrpPrepareModuleForExecution+0x00000000000000bf
  101. 0x00007ffac53cfbae: ntdll!LdrpLoadDllInternal+0x000000000000019a
  102. --------------------------------------
  103. Handle = 0x0000000000000298 - OPEN
  104. Thread ID = 0x000000000000388c, Process ID = 0x0000000000003d7c
  106. 0x00007ffac544dc74: ntdll!NtDuplicateObject+0x0000000000000014
  107. 0x00007ffac2d6b37c: KERNELBASE!DuplicateHandle+0x000000000000004c
  108. 0x00007ffac35b0e03: RPCRT4!THREAD::THREAD+0x0000000000000087
  109. 0x00007ffac35b0d58: RPCRT4!ThreadSelfHelper+0x0000000000000028
  110. 0x00007ffac35c5850: RPCRT4!RpcpSetThreadpoolCallbackInstance+0x0000000000000050
  111. 0x00007ffac35d1343: RPCRT4!PerformGarbageCollection+0x0000000000000023
  112. 0x00007ffac5422719: ntdll!TppTimerpExecuteCallback+0x00000000000000a9
  113. 0x00007ffac53fd79a: ntdll!TppWorkerThread+0x000000000000068a
  114. 0x00007ffac37e7374: KERNEL32!BaseThreadInitThunk+0x0000000000000014
  115. 0x00007ffac53fcc91: ntdll!RtlUserThreadStart+0x0000000000000021
  116. --------------------------------------
  117. Handle = 0x0000000000000294 - OPEN
  118. Thread ID = 0x000000000000388c, Process ID = 0x0000000000003d7c
  120. 0x00007ffac544ddf4: ntdll!NtCreateEvent+0x0000000000000014
  121. 0x00007ffac2d66dfb: KERNELBASE!CreateEventW+0x000000000000006b
  122. 0x00007ffac35b2bc5: RPCRT4!EVENT::EVENT+0x000000000000002d
  123. 0x00007ffac35b0da6: RPCRT4!THREAD::THREAD+0x000000000000002a
  124. 0x00007ffac35b0d58: RPCRT4!ThreadSelfHelper+0x0000000000000028
  125. 0x00007ffac35c5850: RPCRT4!RpcpSetThreadpoolCallbackInstance+0x0000000000000050
  126. 0x00007ffac35d1343: RPCRT4!PerformGarbageCollection+0x0000000000000023
  127. 0x00007ffac5422719: ntdll!TppTimerpExecuteCallback+0x00000000000000a9
  128. 0x00007ffac53fd79a: ntdll!TppWorkerThread+0x000000000000068a
  129. 0x00007ffac37e7374: KERNEL32!BaseThreadInitThunk+0x0000000000000014
  130. 0x00007ffac53fcc91: ntdll!RtlUserThreadStart+0x0000000000000021
  131. --------------------------------------
  132. Handle = 0x0000000000000280 - OPEN
  133. Thread ID = 0x000000000000172c, Process ID = 0x0000000000003d7c
  135. 0x00007ffac544eb64: ntdll!NtCreateMutant+0x0000000000000014
  136. 0x00007ffac2d38fa8: KERNELBASE!CreateMutexExW+0x0000000000000058
  137. 0x00007ff6436c6f00: CPPWindowsProject1!WndProc+0x00000000000000d0
  138. 0x00007ffac50cef5c: USER32!UserCallWinProcCheckWow+0x000000000000050c
  139. 0x00007ffac50ce684: USER32!DispatchMessageWorker+0x0000000000000494
  140. 0x00007ff6436c1d57: CPPWindowsProject1!wWinMain+0x0000000000000117
  141. 0x00007ff6436c2c62: CPPWindowsProject1!invoke_main+0x0000000000000032
  142. 0x00007ff6436c2b12: CPPWindowsProject1!__scrt_common_main_seh+0x0000000000000132
  143. 0x00007ff6436c29ce: CPPWindowsProject1!__scrt_common_main+0x000000000000000e
  144. 0x00007ff6436c2cfe: CPPWindowsProject1!wWinMainCRTStartup+0x000000000000000e
  145. 0x00007ffac37e7374: KERNEL32!BaseThreadInitThunk+0x0000000000000014
  146. 0x00007ffac53fcc91: ntdll!RtlUserThreadStart+0x0000000000000021
  147. --------------------------------------
  148. Displayed 0x9 stack traces for outstanding handles opened since the previous snapshot.
复制代码
代码中构造的mutex泄露,查找!htrace -diff输出内容,找到CPPWindowsProject1!WndProc+0x00000000000000d0
使用lsa CPPWindowsProject1!WndProc+0x00000000000000d0查看代码,如下:

  1.    143:             {
  2.    144:             case IDM_ABOUT:
  3.    145:                 //_condition_variable = new std::condition_variable();
  4.    146:                 //_mutex = new std::mutex();
  5. >  147:                 _mutexHandle = CreateMutex(NULL, FALSE, L"abc");
  6.    148:                 DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
  7.    149:                 break;
  8.    150:             case IDM_EXIT:
  9.    151:                 DestroyWindow(hWnd);
  10.    152:                 break;
复制代码
找到147行的代码位置。
windbg的lsa指令:显式指令对应的源码 




免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

徐锦洪

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

AI 运维 CIO 存储 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表