Hi Everyone,

I just made my CE 6 BSP work. Unfortunately, I got a data abort
exception after calling ShowWindow. This happens in every
application. Does anyone have a clue? Could you help by checking the
following information?

My platform builder (VS2005) reports:

Exception 'Data Abort' (4): Thread-Id=02980002(pth=84d78690), Proc-
Id=02970002(pprc=84d78378) 'TestApp1.exe', VM-
active=02970002(pprc=84d78378) 'TestApp1.exe'
PC=400298f0(coredll.dll+0x000198f0) RA=400298dc(coredll.dll
+0x000198dc) SP=0a01f870, BVA=82228f3c

The exception is in HimcPrivate::HimcToHimcp. It attempts to read
kernel memory (0x82228f38) from user space.

The following is the call stack.

COREDLL!HimcPrivate::HimcToHimcp(unsigned long) address 0x400298bc
COREDLL!ImmIsValidIMC + 24 bytes
COREDLL!ImmSetActiveContext(struct HWND__ *,unsigned long,int) + 356
bytes
K.COREDLL!xxx_PerformCallBack4(_CALLBACKINFO * 0xd070f2a8, void *
0x82228f38, void * 0x00000001, void * 0x00000000) line 292 + 28 bytes
K.COREDLL!ImmSetActiveContextInOwnerProcess(HWND__ * 0x00000000,
unsigned long 0x00000000, int 0x00000000) line 570 + 20 bytes
K.COREDLL!ImmSetActiveContext(struct HWND__ *,unsigned long,int) + 168
bytes
GWES!ImmThunk_ImmSetActiveContext(HWND__ * 0x00000000, unsigned long
0x00000000, int 0x00000000) line 217
GWES!MsgQueue::PreprocessReceivedMsg(HWND__ * 0x700238f0, unsigned int
0x00000007, unsigned int 0x00000000, long 0x00000000, bool *
0xd070f3dc) line 1357
GWES!MsgQueue::SendMessageWithOptions(HWND__ * 0x700238f0, unsigned
int 0x00000007, unsigned int 0x00000000, long 0x00000000, unsigned int
0x00000000) line 3753
GWES!MsgQueue::SetUicFocus(CWindow * 0x700238f0, unsigned int
0x00000010) line 1039
GWES!SetFocus_I(HWND__ * 0x700238f0) line 1696 + 16 bytes
COREDLL!SetFocus(HWND__ * 0x700238f0) line 959 + 28 bytes
COREDLL!DefWindowProcW(HWND__ * 0x700238f0, unsigned int 0x00000006,
unsigned int 0x00000001, long 0x00000000) line 3133
TESTAPP1!WndProc(HWND__ * 0x700238f0, unsigned int 0x00000006,
unsigned int 0x00000001, long 0x00000000) line 298 + 20 bytes
K.COREDLL!xxx_PerformCallBack4(_CALLBACKINFO * 0xd070f6bc, void *
0x00000006, void * 0x00000001, void * 0x00000000) line 292 + 28 bytes
GWES!WindowProcCallback(void * 0x00000000, long (HWND__ *, unsigned
int, unsigned int, long)* 0x03410002, CWindow * 0x00013470, unsigned
int 0x700238f0, unsigned int 0xc03bfec0, long 0x03420002, bool *
0xc03bfec0) line 2312 + 20 bytes
GWES!CWindow::CallWindowProcW_I(CePtr_t<long (__cdecl*)(HWND__
*,unsigned int,unsigned int,long)> {...}, HWND__ * 0x700238f0,
unsigned int 0x00000006, unsigned int 0x00000001, long 0x00000000,
SendMsgEntry_t * 0x00000000) line 2473 + 44 bytes
GWES!MsgQueue::SendMessageWithOptions(HWND__ * 0x700238f0, unsigned
int 0x00000006, unsigned int 0x00000001, long 0x00000000, unsigned int
0x00000000) line 3770 + 68 bytes
GWES!MsgQueue::SetUicActiveWindow(CWindow * 0x700238f0, unsigned int
0x00000002) line 708
GWES!MsgQueue::PreprocessReceivedMsg(HWND__ * 0x700238f0, unsigned int
0x00000060, unsigned int 0x700238f0, long 0x00000002, bool *
0xd070fa54) line 1342
GWES!MsgQueue::SendMessageWithOptions(HWND__ * 0x700238f0, unsigned
int 0x00000060, unsigned int 0x700238f0, long 0x00000002, unsigned int
0x00000000) line 3753
GWES!MsgQueue_SetActiveWindowInternal(HWND__ * 0x700238f0, unsigned
int 0x00000002) line 1463
GWES!CWindow::SetWindowPos_I(HWND__ * 0x700238f0, HWND__ * 0x00000000,
int 0x00000000, int 0x00000000, int 0x00000000, int 0x00000000,
unsigned int 0x00000043) line 2832
GWES!CWindow::ShowWindow_I(HWND__ * 0x700238f0, int 0x00000005) line
1849
COREDLL!ShowWindow(HWND__ * 0x700238f0, int 0x00000005) line 697 + 32
bytes
TESTAPP1!InitInstance(HINSTANCE__ * 0x03410002, int 0x00000005) line
191
TESTAPP1!WinMain(HINSTANCE__ * 0x03410002, HINSTANCE__ * 0x00000000,
unsigned short * 0x1001fe8c, int 0x00000005) line 113 + 12 bytes
COREDLL!MainThreadBaseFunc(void * 0x00013194, const unsigned short *
0x1001fe70, const unsigned short * 0x1001fe8c, HINSTANCE__ *
0x85dda6cc, HINSTANCE__ * 0x00000000, HINSTANCE__ * 0x00000000) line
1068 + 124 bytes

Yours,
Lin
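A small triage helper for the Platform Builder report above, added here as an example and not code from the thread or from Platform Builder: it parses the "Exception 'Data Abort'" line and classifies each address against the CE 6.0 layout (user VM below 0x80000000, kernel VM at or above it), which is the check that flags BVA as a kernel-space address touched from user mode. The report string is the thread's own line re-joined; the function names are mine.

```python
import re

# Constructed sample input: the Platform Builder exception report quoted in
# the thread, re-joined into one line from its wrapped form.
REPORT = (
    "Exception 'Data Abort' (4): Thread-Id=02980002(pth=84d78690), "
    "Proc-Id=02970002(pprc=84d78378) 'TestApp1.exe', "
    "VM-active=02970002(pprc=84d78378) 'TestApp1.exe' "
    "PC=400298f0(coredll.dll+0x000198f0) RA=400298dc(coredll.dll+0x000198dc) "
    "SP=0a01f870, BVA=82228f3c"
)

KERNEL_BASE = 0x80000000  # CE 6.0: user VM below this address, kernel VM at/above

def region(addr):
    """Classify a 32-bit virtual address by the CE 6.0 user/kernel split."""
    return "kernel" if addr >= KERNEL_BASE else "user"

def parse_report(text):
    """Pull exception name, code, process, registers and PC module out of the line."""
    head = re.search(r"Exception '(?P<name>[^']+)' \((?P<code>\d+)\)", text)
    proc = re.search(r"Proc-Id=[0-9a-f]{8}\(pprc=[0-9a-f]{8}\) '(?P<exe>[^']+)'", text, re.I)
    pc = re.search(r"PC=[0-9a-f]{8}\((?P<mod>[^+)]+)\+0x(?P<off>[0-9a-f]+)\)", text, re.I)
    regs = {k: int(v, 16) for k, v in re.findall(r"\b(PC|RA|SP|BVA)=([0-9a-f]{8})", text, re.I)}
    if not (head and proc and pc) or len(regs) != 4:
        raise ValueError("not a Platform Builder exception report")
    return {
        "name": head.group("name"), "code": int(head.group("code")),
        "process": proc.group("exe"), "regs": regs,
        "pc_module": pc.group("mod"), "pc_offset": int(pc.group("off"), 16),
    }

def triage(text):
    """Add region classification and a first-cut verdict to the parsed report."""
    r = parse_report(text)
    for reg in ("PC", "SP", "BVA"):
        r[reg.lower() + "_region"] = region(r["regs"][reg])
    r["pc_module_base"] = r["regs"]["PC"] - r["pc_offset"]  # where the DLL is loaded
    if r["pc_region"] == "user" and r["bva_region"] == "kernel":
        r["verdict"] = ("user-mode code in %s touched a kernel-space address; "
                        "find where that pointer value was produced" % r["pc_module"])
    else:
        r["verdict"] = "fault address is in %s space" % r["bva_region"]
    return r

if __name__ == "__main__":
    for k, v in triage(REPORT).items():
        print(k, hex(v) if isinstance(v, int) else v)
```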

Re: Data abort in the same function every tim by Bruce

Bruce
Fri Mar 14 05:47:03 PDT 2008

> The exception is in HimcPrivate::HimcToHimcp. It attempts to read from
> a kernel memory "0x82228f38" in user space.

You can't do that. Without knowing anything more, it is hard to offer any
advice.

--
Bruce Eitman (eMVP)
Senior Engineer
beitman AT applieddata DOT net

Applied Data Systems
www.applieddata.net
An ISO 9001:2000 Registered Company
Microsoft WEP Gold-level Member

"shiftus" <LinMaOnly@gmail.com> wrote in message
news:5a4c5623-a1a0-4047-971c-a36c02a4282c@e25g2000prg.googlegroups.com...

Re: Data abort in the same function every tim by shiftus

shiftus
Sun Mar 16 19:47:50 PDT 2008

Dear Bruce,

I debugged and found more information. Hopefully you can help with
this information.

Every Window-based application will crash at the same address. The
crash is caused by accessing kernel address (0x82228f38+4) in user
mode. I found that the address 0x82228f38 is passed to
HimcPrivate::HimcToHimcp during the call to ShowWindow. The
address 0x82228f38 is actually the value of a member of HWND (at offset
0x70). In every application, the value of (hWnd + 0x70) is always
0x82228f38. When calling ShowWindow(hWnd, nCmdShow), this value
passes through a couple of function calls and eventually reaches
HimcPrivate::HimcToHimcp, where it causes the crash. I don't know
why GWES always sets hWnd + 0x70 to the same (kernel-space) value
for every window.

Do you have any suggestion? Thanks a lot.