Scribd
Upload
67 views8 pages

Assignment DDLJ

The program is hanging because multiple threads are waiting on multiple objects using the Windows ZwWaitForMultipleObjects function. All threads are suspended at the return from this function, indicating they are waiting for the object handles passed to the function to be signaled before continuing execution. No deadlocks are detected between critical sections. The root cause appears to be that the objects the threads are waiting on are not being signaled to allow the threads to continue.

Uploaded by

Babu Shaikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
67 views8 pages

Assignment DDLJ

The program is hanging because multiple threads are waiting on multiple objects using the Windows ZwWaitForMultipleObjects function. All threads are suspended at the return from this function, indicating they are waiting for the object handles passed to the function to be signaled before continuing execution. No deadlocks are detected between critical sections. The root cause appears to be that the objects the threads are waiting on are not being signaled to allow the threads to continue.

Uploaded by

Babu Shaikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

1)

void bubbleSort(int arr[], int n)


{

if (n == 1)
return;

for (int i=0; i<n-1; i++)


if (arr[i] > arr[i+1])
swap(arr[i], arr[i+1]);

bubbleSort(arr, n+1);
}

void printArray(int arr[], int n)


{
for (int i=0; i < n; i++)
printf("%d ", arr[i]);
printf("\n");
}
b) time complexity : n2 i.e 49

2)
It seems the thread enters critical section "RtlpWaitOnCriticalSection".
However in the program "Call3rdPartyCode(lpParam)" we gave the argument as NULL.
So it threw an exception and then there was no exit criteria for critical section.

Call Stack :

0:001> kL
# Child-SP RetAddr Call Site
00 00000047`72eff858 00007ffb`c49580fe ntdll!DbgBreakPoint
01 00000047`72eff860 00007ffb`c28e54e0 ntdll!DbgUiRemoteBreakin+0x4e
02 00000047`72eff890 00007ffb`c488485b KERNEL32!BaseThreadInitThunk+0x10
03 00000047`72eff8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x2b
0:001> ~*kL

0 Id: 2610.7708 Suspend: 1 Teb: 00000047`72c50000 Unfrozen


# Child-SP RetAddr Call Site
00 00000047`72bdfb58 00007ffb`c489d70d ntdll!ZwWaitForAlertByThreadId+0x14
01 00000047`72bdfb60 00007ffb`c489d431 ntdll!RtlpWaitOnAddressWithTimeout+0x81
02 (Inline Function) --------`-------- ntdll!RtlpWaitOnAddress+0xb7
03 00000047`72bdfb90 00007ffb`c48ba5dc ntdll!RtlpWaitOnCriticalSection+0x1a1
04 00000047`72bdfc90 00007ffb`c48ba442 ntdll!RtlpEnterCriticalSectionContended+0x18c
*** WARNING: Unable to verify checksum for C:\Users\dideka\OneDrive -
Microsoft\Documents\training\C\CPP\test2.exe
05 00000047`72bdfcf0 00007ff7`fa9d124f ntdll!RtlEnterCriticalSection+0x42
06 00000047`72bdfd20 00007ff7`fa9d78dc test2+0x124f
07 00000047`72bdfd70 00007ffb`c28e54e0 test2+0x78dc
08 00000047`72bdfdb0 00007ffb`c488485b KERNEL32!BaseThreadInitThunk+0x10
09 00000047`72bdfde0 00000000`00000000 ntdll!RtlUserThreadStart+0x2b

# 1 Id: 2610.4830 Suspend: 1 Teb: 00000047`72c54000 Unfrozen


# Child-SP RetAddr Call Site
00 00000047`72eff858 00007ffb`c49580fe ntdll!DbgBreakPoint
01 00000047`72eff860 00007ffb`c28e54e0 ntdll!DbgUiRemoteBreakin+0x4e
02 00000047`72eff890 00007ffb`c488485b KERNEL32!BaseThreadInitThunk+0x10
03 00000047`72eff8c0 00000000`00000000 ntdll!RtlUserThreadStart+0x2b

===========================================================================
===========================================================================
=

Attached the Application verified and got the below call stack for the issue :

0:000> g
(20.5ca4): C++ EH exception - code e06d7363 (first chance)

=======================================
VERIFIER STOP 0000000000000200: pid 0x20: Thread that is exiting owns a critical section.

0000000000005CA4 : Thread ID of the thread that is exiting while owning a critical section.
00007FF7FAA071A0 : Critical section address. Run !cs -s <address> to get more information.
000001F4C924CFD0 : Critical section debug information address.
000001F4C26F0160 : Critical section initialization stack trace. Run dps <address> to dump the stack
trace.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================

(20.5ca4): Break instruction exception - code 80000003 (first chance)


vrfcore!VerifierStopMessageEx+0x81d:
00007ffb`ad1c26fd cc int 3

The above clearly highlights the point "Thread that is exiting owns a critical section" where it says that
the thread is trying to exit without leaving the critical section.

3) The code is basically trying to fetch the mapped memory and write it to the location specified
4) It loads the DLL into the memory of the current process, but does not import functions defined.
Function calls are resolved by the linker at compile time while LoadLibrary is called at runtime of the
code
5) Application runs fine with strings upto size of 10, after that it crashes

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283


 ntdll!RtlAllocateHeap+0x653:
 7c91142e 8b39 mov edi,dword ptr [ecx] ds:0023:00720070=????????
 0:000> k
 ChildEBP RetAddr
 0007f70c 7c919f5d ntdll!RtlpInsertFreeBlock+0xf3
 0007f73c 7c918839 ntdll!RtlpInitializeHeapSegment+0x186
 0007f780 7c911c76 ntdll!RtlpExtendHeap+0x1ca
 0007f9b0 7c80e323 ntdll!RtlAllocateHeap+0x623
 0007fa24 7c80e00d kernel32!BasepComputeProcessPath+0xb3
 0007fa64 7c80e655 kernel32!BaseComputeProcessDllPath+0xe3
 0007faac 7c80e5ab kernel32!GetModuleHandleForUnicodeString+0x28
 0007ff30 7c80e45c kernel32!BasepGetModuleHandleExW+0x18e
 0007ff48 7c80b6c0 kernel32!GetModuleHandleW+0x29
 00083160 000d0004 000c0199 00000000 00730069
 00083170 00740053 00690072 0067006e 00680053
 00083180 0075006f 0064006c 00650052 00720070
 00083190 0054006f 00650068 00720043 00730061
 000831a0 00000068 00000000 00000000 00000000
 0007ff54 77c39d23 kernel32!GetModuleHandleA+0x2d
 0007ff60 77c39e78 msvcrt!__crtExitProcess+0x10
 0007ff70 77c39e90 msvcrt!_cinit+0xee
 0007ff84 010014c2 msvcrt!exit+0x12
 0007ffc0 7c816fd7 06overrun!__wmainCRTStartup+0x118
 0007fff0 00000000 kernel32!BaseProcessStart+0x23

6)
This is reserving addresses using MEM_RESERVE , and then continously allocating the reserved pages
using MEM_COMMIT.
The code commit another page. Increment the page count, and advance lpNxtPage to the next page.
Reserve pages in the virtual address space of the process.

dump query

1)

1) WriteFile function is writing the data to the file


2) CreateFIle API is being called

2)

Q2 - 1. What Windows function is called? 2.


What are the specific parameters (including flags) passed to that Windows function? Where does it get
the input parameters from?

EXCEPTION_CODE_STR:  80000003

3)

7! Or 5040
And the operation being performed is a n! factorial operation. You are saving the pointer to the stack
and then returning the address back to the called function, so if the variable is say y, you are doing y+4,
the calling function

4)

An exception is a known type of error. An unhandled exception occurs when the application
code does not properly handle exceptions.
2. Why is the program failing with “System.AccessViolationException”?
Ans. An access violation that occurs in unsafe managed code can be expressed as either a
NullReferenceException exception or an AccessViolationException exception, depending on the
platform
3. Please debug the program and see if you can identify the root cause of the issue. State the
root cause.
Make sure that the memory that you are attempting to access has been allocated. An
AccessViolationException exception is always thrown by an attempt to access protected memory
-- that is, to access memory that is not allocated or that is not owned by a process.
Make sure that the memory that you are attempting to access has not been corrupted. If several
read or write operations have occurred through bad pointers, memory may be corrupted. This
typically occurs when reading or writing to addresses outside of a predefined buffer.
4. What is the underlying function/API being called that has raised the exception?
errhandlingapi.h (EXCEPTION_ACCESS_VIOLATION)

5) Yes the program has memory leaks, the counter selected is the private bytes, the difference between
the average and maximum gives the approx. memory leak. If the counter selected is processor time,
then the values indicate the duration. You can also use, TheMemory/Committed Bytes counter which
raises if there is a memory leak

6) 1. Is there a deadlock?
>> No there are no deadlocks seen.

0:007> !locks

Scanned 8 critical sections


0:007> !cs
-----------------------------------------
DebugInfo = 0x00007ffbc49f7ea0
Critical section = 0x00007ffbc49f7d40 (ntdll!RtlpProcessHeapsListLock+0x0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7ed0
Critical section = 0x0000000000a202c0 (+0xA202C0)
NOT LOCKED
LockSemaphore = 0xFFFFFFFF
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7f00
Critical section = 0x00000000005402c0 (+0x5402C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7f30
Critical section = 0x0000000000b302c0 (+0xB302C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7f60
Critical section = 0x0000000000ca02c0 (+0xCA02C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7f90
Critical section = 0x00000000026a02c0 (+0x26A02C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7fc0
Critical section = 0x00000000028702c0 (+0x28702C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0
-----------------------------------------
DebugInfo = 0x00007ffbc49f7ff0
Critical section = 0x00000000026902c0 (+0x26902C0)
NOT LOCKED
LockSemaphore = 0x0
SpinCount = 0x00000000020007d0

2. Why is the program hung?


It seems the all threads are waiting for multiple objects.
There are 5 threads triggered and we see all threads waiting for multiple objects :
0:000> ~
. 0 Id: 6624.5b88 Suspend: 1 Teb: 00000000`00a80000 Unfrozen
# 1 Id: 6624.68c0 Suspend: 1 Teb: 00000000`00a96000 Unfrozen
4 Id: 6624.62dc Suspend: 1 Teb: 00000000`00a88000 Unfrozen
5 Id: 6624.3750 Suspend: 1 Teb: 00000000`00a8a000 Unfrozen
6 Id: 6624.51fc Suspend: 1 Teb: 00000000`00a8c000 Unfrozen
0:000> ~0s
ntdll!ZwWaitForMultipleObjects+0x14:
00007ffb`c4923eb4 c3 ret
0:000> ~1s
ntdll!DbgBreakPoint:
00007ffb`c4926f70 cc int 3
0:001> ~4s
ntdll!ZwWaitForMultipleObjects+0x14:
00007ffb`c4923eb4 c3 ret
0:004> ~5s
ntdll!ZwWaitForMultipleObjects+0x14:
00007ffb`c4923eb4 c3 ret
0:005> ~6s
ntdll!ZwWaitForMultipleObjects+0x14:
00007ffb`c4923eb4 c3 ret

0:009> ~0kb
# RetAddr : Args to Child : Call Site
00 00007ffb`c1ddf9f0 : 00000000`00fd5290 00000000`00000050 00000000`00fd52d0
00007ffb`b5025361 : ntdll!ZwWaitForMultipleObjects+0x14
[minkernel\ntdll\daytona\objfre\amd64\usrstubs.asm @ 947]
01 00007ffb`b50ea0c7 : ffffffff`fffffffe 00000000`00000000 00000000`00cfecc8
00000000`00000000 : KERNELBASE!WaitForMultipleObjectsEx+0xf0 [minkernel\kernelbase\synch.c
@ 1551]
02 00007ffb`b50e9f50 : 00000000`00000000 00000000`00000001 00000000`00f83040
00000000`ffffffff : clr!WaitForMultipleObjectsEx_SO_TOLERANT+0x62
[f:\dd\ndp\clr\src\vm\threads.cpp @ 4302]
03 (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : clr!
Thread::DoAppropriateAptStateWait+0x36 [f:\dd\ndp\clr\src\vm\threads.cpp @ 4336]
04 00007ffb`b50e9cdd : 00000000`00f83040 00000000`00000001 00000000`00000001
00000000`00000000 : clr!Thread::DoAppropriateWaitWorker+0x205
[f:\dd\ndp\clr\src\vm\threads.cpp @ 4476]
05 00007ffb`b511a91d : 00000000`00fd6ff8 00007ffb`00000001 00000000`00f83040
00000000`00fd7010 : clr!Thread::DoAppropriateWait+0x7d [f:\dd\ndp\clr\src\vm\threads.cpp @
4143]
06 00007ffb`b50ea466 : 00000000`00cfefa0 00000000`00000000 00000000`00f83040
00007ffb`b5025077 : clr!CLREventBase::WaitEx+0xb6 [f:\dd\ndp\clr\src\vm\synch.cpp @ 850]
07 00007ffb`b50ea337 : 00000000`00fd6ff8 00000000`02d66918 00000000`02d66b70
00000000`02d62d80 : clr!AwareLock::EnterEpilogHelper+0x104 [f:\dd\ndp\clr\src\vm\syncblk.cpp
@ 3118]
08 00007ffb`b5206682 : 00000000`00f83040 00007ffb`b50226d0 00000000`00000000
00000000`00fd6ff8 : clr!AwareLock::EnterEpilog+0x62 [f:\dd\ndp\clr\src\vm\syncblk.cpp @ 3063]
09 (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : clr!
SyncBlock::EnterMonitor+0x8 [f:\dd\ndp\clr\src\vm\syncblk.h @ 776]
0a (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : clr!
ObjHeader::EnterObjMonitor+0xd [f:\dd\ndp\clr\src\vm\syncblk.cpp @ 1901]
0b (Inline Function) : --------`-------- --------`-------- --------`-------- --------`-------- : clr!
Object::EnterObjMonitor+0x16 [f:\dd\ndp\clr\src\vm\object.h @ 484]
0c 00007ffb`55ae0a18 : 00000000`00cff0c8 00000000`00cfef88 00000000`00cff098
00000000`00cfef98 : clr!JITutil_MonEnterWorker+0x132 [f:\dd\ndp\clr\src\vm\jithelpers.cpp @
4799]
0d 00007ffb`b5026923 : 00007ffb`b5027070 00007ffb`559d4148 00000000`00000000
00000000`00000000 : Test_a_Lock!Test.Program.Main()+0xe8*** WARNING: Unable to verify
checksum for C:\Users\dideka\OneDrive - Microsoft\Desktop\TDFP
Assesment\Set1\Question6\Test_a_Lock.exe

3. Why is the CPU low?


>> The process is just waiting. Its in kernel mode and waiting for the clock to signal.
Seems there is a call for waitForMultipleObjects. It might be that program entered a section and
thread is lost. So there was no return value and main process is hung.

Compose

You might also like