2014-03-27 76 views
1

The TranslateMessage() API in user32.dll raises an exception. When I try to analyze the exception with the !analyze -v command in windbg, I get the following output. Can anyone help me decode this error: a first-chance exception raised by the TranslateMessage() API of user32.dll on 64-bit Windows?

FAULTING_IP: 
+0 
ffffffff`e85b6720 ??    ??? 

EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) 
ExceptionAddress: ffffffffe85b6720 
    ExceptionCode: c0000005 (Access violation) 
    ExceptionFlags: 00000000 
NumberParameters: 2 
    Parameter[0]: 0000000000000008 
    Parameter[1]: ffffffffe85b6720 
Attempt to execute non-executable address ffffffffe85b6720 

FAULTING_THREAD: 000000000000642c 

DEFAULT_BUCKET_ID: WRONG_SYMBOLS 

PROCESS_NAME: CapGM.exe 

ADDITIONAL_DEBUG_TEXT: 
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. 

MODULE_NAME: mfc100u 

FAULTING_MODULE: 0000000077720000 ntdll 

DEBUG_FLR_IMAGE_TIMESTAMP: 4df2cfdb 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. 

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. 

EXCEPTION_PARAMETER1: 0000000000000008 

EXCEPTION_PARAMETER2: ffffffffe85b6720 

WRITE_ADDRESS: ffffffffe85b6720 

FOLLOWUP_IP: 
mfc100u+2745a8 
00000000`74eb45a8 488bf0   mov  rsi,rax 

FAILED_INSTRUCTION_ADDRESS: 
+2745a8 
ffffffff`e85b6720 ??    ??? 

APP: capgm.exe 

IP_ON_HEAP: ffffffffe85b6720 
The fault address in not in any loaded module, please check your build's rebase 
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may 
contain the address if it were loaded. 

PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS 

BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS 

LAST_CONTROL_TRANSFER: from 0000000077519bd1 to ffffffffe85b6720 

STACK_TEXT: 
00000000`003bbb68 00000000`77519bd1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`775172cb : 0xffffffff`e85b6720 
00000000`003bbb70 00000000`775172cb : 00000000`00000000 ffffffff`e85b6720 00000000`00000000 00000000`00000000 : USER32!TranslateMessageEx+0x2a1 
00000000`003bbc30 00000000`77516829 : 00000000`00000000 00000000`003bbd78 000007fe`ecfede14 00000018`000000c8 : USER32!SetWindowTextW+0x277 
00000000`003bbc90 00000000`777711f5 : 00000000`00000000 000007fe`ecfb0000 00000000`000003e9 00000000`0055055c : USER32!IsDialogMessageW+0x169 
00000000`003bbcf0 00000000`7751041a : 00000000`77510397 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 : ntdll!KiUserCallbackDispatcher+0x1f 
00000000`003bbd78 00000000`77510397 : 00000000`003bc1a8 00000000`00000000 00000000`003bc1a8 00000000`003bc1a8 : USER32!SendMessageTimeoutW+0x95a 
00000000`003bbd80 00000000`775105d8 : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`56000000 : USER32!SendMessageTimeoutW+0x8d7 
00000000`003bc0f0 00000000`77510880 : 00000000`00000148 00000000`56000000 00000000`003bc3d9 00000000`74f0c6b0 : USER32!SendMessageTimeoutW+0xb18 
00000000`003bc240 00000000`74eb45a8 : 00000000`00582960 00000000`00000000 00000000`00000320 00000000`00900000 : USER32!CreateWindowExW+0x70 
00000000`003bc2c0 00000000`74eac377 : 00000000`0c07e510 00000000`0c07e510 00000000`00000000 00000000`00900000 : mfc100u+0x2745a8 
00000000`003bc340 00000000`74eac4b6 : 00000000`0055055c 00000000`0c07e510 00000000`56000000 00000000`00000318 : mfc100u+0x26c377 
00000000`003bc400 000007fe`e8ba1316 : 00000000`00000000 00000000`003be330 00000000`0bee1a80 00000000`0c07e510 : mfc100u+0x26c4b6 
00000000`003bc470 000007fe`ecfdaab6 : ffffffff`ffffffff 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : FrontEnd!FrontWindowFactory<dFrontWindow>::create+0x136 

I understand that TranslateMessage is trying to access some bad address, but how do I fix it?

+0

This would be noticeably easier to dissect if you actually followed the advice given several times in the dump, i.e. wire up the symbols, to get a better picture of this. – WhozCraig

+0

I think it needs the user32.pdb file, which I don't have. Basically I don't have the Windows PDBs. All the other pdbs have been loaded. – user3462791

+1

It is best to have the symbols for user32.pdb. If you are using WinDbg for this, make sure the MS symbol store is in the symbol path. Information on how to do this can be found here: http://msdn.microsoft.com/en-us/library/windows/hardware/ff558829(v=vs.85).aspx – WhozCraig

Answers

0

As others mentioned above, the first thing to do is to get the correct symbols.

Microsoft publishes symbols for its Windows binaries. Those will give a much better picture of what went wrong.

Now, looking at the !analyze output you shared together with the signature of TranslateMessage:

BOOL WINAPI TranslateMessage( _In_ const MSG *lpMsg );

My best guess is that you are not validating that lpMsg is a genuine input. Could you paste the input that is being passed?

In general, public APIs that have been around for a while are well tested. So if something goes wrong, it is a good idea to check the input our program passes to them :)

1

The problem is fixed. The bug was in SetWindowLongPtr(). It is the 64-bit variant of SetWindowLong(); although the function had been changed, the value it writes was still being captured in a long variable. Changing it to LONG_PTR fixed the problem. Now the address is not truncated and the corresponding user routine gets called.

Thanks everyone for the help :)

+0

How did you eventually find the root cause of the problem? –
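The fix above describes a classic Win64 truncation bug: Windows keeps LONG at 32 bits even on x64 (the LLP64 model), so storing a window-procedure pointer in a long keeps only the low 32 bits, and widening it back to pointer size sign-extends bit 31. The faulting address in the dump, ffffffff`e85b6720, has exactly that shape: upper half all ones, low half in the range of a loaded image. The following is an added illustration, not code from the original post or from CapGM; it models the Windows LONG and LONG_PTR types with fixed-width integers so it runs on any 64-bit host, and the 000007fe`e85b6720 value used as the "original" pointer is an assumption chosen to be in the same region as the FrontEnd module seen in the stack, not a value taken from the dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Model of the Windows LLP64 types. On Linux x86-64 a plain `long` is 64 bits,
 * so fixed-width types are used here to reproduce the Windows behaviour. */
typedef int32_t  WIN_LONG;      /* Windows LONG: 32 bits, also on x64        */
typedef intptr_t WIN_LONG_PTR;  /* Windows LONG_PTR: pointer-sized integer   */

/* The bug: a pointer-sized value (e.g. the return of SetWindowLongPtr or a
 * WNDPROC address) is stored in a LONG. The upper 32 bits are discarded and,
 * when the value is widened back to pointer size, bit 31 is sign-extended.
 * The narrowing conversion is implementation-defined in C; MSVC, GCC and
 * Clang all perform two's-complement wraparound. */
uint64_t roundtrip_through_long(uint64_t ptr_value) {
    WIN_LONG narrowed = (WIN_LONG)ptr_value;   /* truncates to low 32 bits */
    WIN_LONG_PTR widened = narrowed;           /* sign-extends into 64 bits */
    return (uint64_t)widened;
}

/* The fix: keep the value in a LONG_PTR, which is as wide as a pointer. */
uint64_t roundtrip_through_long_ptr(uint64_t ptr_value) {
    WIN_LONG_PTR kept = (WIN_LONG_PTR)ptr_value;
    return (uint64_t)kept;
}

/* Triage check for a fault address from !analyze: a 64-bit user-mode address
 * whose upper 32 bits are all ones and whose bit 31 is set is the signature
 * of a sign-extended 32-bit truncation, not a real user-mode pointer. */
int looks_sign_extended(uint64_t addr) {
    return (addr >> 32) == 0xffffffffULL && (addr & 0x80000000ULL) != 0;
}

int main(void) {
    /* Assumed original pointer (constructed example value, see lead-in). */
    uint64_t wndproc = 0x000007fee85b6720ULL;

    printf("original      : %016" PRIx64 "\n", wndproc);
    printf("via LONG      : %016" PRIx64 "\n", roundtrip_through_long(wndproc));
    printf("via LONG_PTR  : %016" PRIx64 "\n", roundtrip_through_long_ptr(wndproc));
    printf("dump address looks truncated: %s\n",
           looks_sign_extended(0xffffffffe85b6720ULL) ? "yes" : "no");
    return 0;
}
```

When the truncated value is later used as a WNDPROC by USER32 (the call from TranslateMessageEx into 0xffffffff`e85b6720 in the stack text), the CPU faults with an execute access violation (Parameter[0] = 8, "Attempt to execute non-executable address"), which is what the dump shows. Compiling with /Wp64 or the 64-bit analysis warnings (C4311/C4312, pointer-to-int truncation) in MSVC flags this kind of assignment at build time.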
