I am seeing a crash in my application,
Here is the call stack
eax=aa893f00 ebx=150b6f00 ecx=153ec728 edx=153fcec0 esi=153fe330 edi=153ec728
eip=aa893f00 esp=008ff080 ebp=008ff09c iopl=0 nv up ei ng nz ac po cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210293
aa893f00 ?? ???
*** Stack trace for last set context - .thread/.cxr resets it
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 008ff07c 68b18a3a 0xaa893f00
01 008ff09c 68b09c4b TestExe!TestClass::TestFun1+0x5a [d:\test1.cpp @ 666]
02 008ff0d4 68b31a54 TestExe!TestClass::TestFun2+0x11b [d:\test2.cpp @ 3722]
0:000> x TestExe!TestClass::*
68b189e0 TestExe!TestClass::TestFun1( *, void *)
68b19400 TestExe!TestClass::TestFun2(unsigned long, void *, void *)
Here it means the eax=aa893f00 is something different which is causing the access violation.
So the question is why this is getting changed, who is modifying the stack, how do I identify it. If my understanding is correct then control flow guard can help in this case, but seems that is not available in VS 2008.
Can someone provide input, any help would be appreciated.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Developing Minifilters||29 July 2019||OSR Seminar Space|
|Writing WDF Drivers||23 Sept 2019||OSR Seminar Space|
|Kernel Debugging||21 Oct 2019||OSR Seminar Space|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|