Sometimes, when you use a critical section, you run into a crash or an exception.
The call stack then looks like the following in WinDbg:
0:000> k
ChildEBP RetAddr
0012fe88 7c90104b ntdll!RtlpWaitForCriticalSection+0x8c
0012fe90 004135fb ntdll!RtlEnterCriticalSection+0x46
0012ff68 004119f6 CriticalTest!wmain+0x2b []
0012ffb8 0041183d CriticalTest!__tmainCRTStartup+0x1a6 []
0012ffc0 7c816fd7 CriticalTest!wmainCRTStartup+0xd []
0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> .exr -1
ExceptionAddress: 7c918fea (ntdll!RtlpWaitForCriticalSection+0x0000008c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000010
Attempt to write to address 00000010
0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
ntdll!RtlpWaitForCriticalSection+8c
7c918fea ff4010 inc dword ptr [eax+10h]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c918fea (ntdll!RtlpWaitForCriticalSection+0x0000008c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000010
Attempt to write to address 00000010
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: CriticalTest.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
WRITE_ADDRESS: 00000010
BUGCHECK_STR: ACCESS_VIOLATION
CRITICAL_SECTION: 00417160 -- (!cs -s 00417160)
LAST_CONTROL_TRANSFER: from 7c90104b to 7c918fea
STACK_TEXT:
0012fe88 7c90104b 00417160 004135fb 00417160 ntdll!RtlpWaitForCriticalSection+0x8c
0012fe90 004135fb 00417160 7c911970 02bbf55c ntdll!RtlEnterCriticalSection+0x46
0012ff68 004119f6 00000001 003a3090 003a3148 CriticalTest!wmain+0x2b []
0012ffb8 0041183d 0012fff0 7c816fd7 7c911970 CriticalTest!__tmainCRTStartup+0x1a6 [f:/sp/vctools/crt_bld/self_x86/crt/src/crtexe.c @ 594]
0012ffc0 7c816fd7 7c911970 02bbf55c 7ffdb000 CriticalTest!wmainCRTStartup+0xd [f:/sp/vctools/crt_bld/self_x86/crt/src/crtexe.c @ 414]
0012fff0 00000000 0041107d 00000000 00000000 kernel32!BaseProcessStart+0x23
STACK_COMMAND: ~0s; .ecxr ; kb
FAULTING_THREAD: 00001668
FOLLOWUP_IP:
CriticalTest!wmain+2b []
004135fb 3bf4 cmp esi,esp
FAULTING_SOURCE_CODE:
25: {
26: // Initialize the critical section one time only.
27: //InitializeCriticalSection(&CriticalSection);
28:
> 29: EnterCriticalSection(&CriticalSection);
30:
31: //CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
32:
33: LeaveCriticalSection(&CriticalSection);
34:
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: CriticalTest!wmain+2b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: CriticalTest
IMAGE_NAME: CriticalTest.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 47eca49a
BUCKET_ID: ACCESS_VIOLATION_CriticalTest!wmain+2b
FAILURE_BUCKET_ID: CriticalTest.exe!wmain_c0000005_APPLICATION_FAULT
Followup: MachineOwner
Using the !critsec, !cs and !locks commands gives nothing useful about the lock:
0:000> kb
ChildEBP RetAddr Args to Child
0012fe88 7c90104b 00417160 004135fb 00417160 ntdll!RtlpWaitForCriticalSection+0x8c
0012fe90 004135fb 00417160 7c911970 02bbf55c ntdll!RtlEnterCriticalSection+0x46
0012ff68 004119f6 00000001 003a3090 003a3148 CriticalTest!wmain+0x2b []
0012ffb8 0041183d 0012fff0 7c816fd7 7c911970 CriticalTest!__tmainCRTStartup+0x1a6 [f:/sp/vctools/crt_bld/self_x86/crt/src/crtexe.c @ 594]
0012ffc0 7c816fd7 7c911970 02bbf55c 7ffdb000 CriticalTest!wmainCRTStartup+0xd [f:/sp/vctools/crt_bld/self_x86/crt/src/crtexe.c @ 414]
0012fff0 00000000 0041107d 00000000 00000000 kernel32!BaseProcessStart+0x23
0:000> !critsec 00417160
CritSec at 00417160 could not be read
Perhaps the critical section was a global variable in a dll that was unloaded?
0:000> !cs -s 00417160
Cannot read DebugInfo adddress at 0x00417160. Possible causes:
- The critical section is not initialized, deleted or corrupted
- The critical section was a global variable in a DLL that was unloaded
- The memory is paged out
Cannot read structure field value at 0x00417164, error 0
Cannot determine if the critical section is locked or not.
-----------------------------------------
Critical section = 0x00417160 (CriticalTest!CriticalSection+0x0)
DebugInfo = 0x00000016
Cannot read structure field value at 0x00000018, error 0
0:000> !locks
NTSDEXTS: Unable to read memory at ntdll!RtlCriticalSectionList
0:000> !locks -o
Looking for orphaned critical sections
NTSDEXTS: Unable to read memory at ntdll!RtlCriticalSectionList
A critical section becomes undefined in one of the following ways:
1. No call to InitializeCriticalSection(...).
2. Multiple calls to InitializeCriticalSection(...) with no call to DeleteCriticalSection(...) between the re-initializations.
3. A call to DeleteCriticalSection(...) while the critical section is still being referenced.
4. A thread calls EnterCriticalSection(...) and exits with no call to LeaveCriticalSection(...); a second thread then calls EnterCriticalSection(...).
So the crash is caused by an uninitialized or deleted critical section.
You can reproduce it with the following code:
// Repro 1: the critical section is never initialized.
#include <windows.h>
#include <tchar.h>

// Global variable
CRITICAL_SECTION CriticalSection;

int _tmain(int argc, _TCHAR* argv[])
{
    // InitializeCriticalSection(&CriticalSection); is deliberately left out,
    // so EnterCriticalSection operates on a zeroed, uninitialized structure.
    EnterCriticalSection(&CriticalSection);
    LeaveCriticalSection(&CriticalSection);
    DeleteCriticalSection(&CriticalSection);
    return 0;
}
or access a deleted critical section:
// Repro 2: the worker thread deletes the critical section, and the main
// thread then enters it.
#include <windows.h>
#include <tchar.h>

// Global variable
CRITICAL_SECTION CriticalSection;

DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
    // Request ownership of the critical section.
    EnterCriticalSection(&CriticalSection);
    // Release ownership of the critical section.
    LeaveCriticalSection(&CriticalSection);
    // Deleting it here leaves the main thread with a dangling object.
    DeleteCriticalSection(&CriticalSection);
    return 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
    // Initialize the critical section one time only.
    InitializeCriticalSection(&CriticalSection);
    HANDLE hThread = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
    Sleep(3000);   // give the worker time to run and delete the critical section
    // Entering the deleted critical section: this is where it crashes.
    EnterCriticalSection(&CriticalSection);
    LeaveCriticalSection(&CriticalSection);
    DeleteCriticalSection(&CriticalSection);
    if (hThread) CloseHandle(hThread);
    return 0;
}
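Added example (not from the original post): a small C wrapper around the Win32 critical section API that keeps a state marker, owner thread id and recursion depth, so that ways 1 to 3 above, an unbalanced LeaveCriticalSection, and a delete while the lock is still held are reported at the call site instead of surfacing as an access violation inside ntdll. The GuardedCS type, the gcs_* functions and the non-Windows stand-in macros are my own assumptions; on Windows the real API is called underneath.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else /* stand-ins (an assumption) so the example also compiles off Windows */
typedef struct { int unused; } CRITICAL_SECTION;
#define InitializeCriticalSection(p) ((void)(p))
#define EnterCriticalSection(p)      ((void)(p))
#define LeaveCriticalSection(p)      ((void)(p))
#define DeleteCriticalSection(p)     ((void)(p))
#define GetCurrentThreadId()         1UL
#endif
enum { GCS_UNINIT = 0, GCS_READY = 0x47435331, GCS_DELETED = 0x47435344 }; /* a zeroed global is UNINIT */
typedef struct {
    CRITICAL_SECTION cs;
    unsigned state;        /* GCS_UNINIT / GCS_READY / GCS_DELETED */
    unsigned long owner;   /* id of the owning thread, 0 when free */
    int depth;             /* recursion depth: critical sections are re-entrant */
} GuardedCS;
/* Each operation returns 0 on success, -1 on a detected misuse. */
static int gcs_fail(const char *why) { fprintf(stderr, "GuardedCS: %s\n", why); return -1; }
int gcs_init(GuardedCS *g) {
    if (g->state == GCS_READY) return gcs_fail("re-init without delete");                /* way 2 */
    InitializeCriticalSection(&g->cs); g->state = GCS_READY; g->owner = 0; g->depth = 0;
    return 0;
}
int gcs_enter(GuardedCS *g) {
    if (g->state != GCS_READY) return gcs_fail("enter on uninitialised/deleted section"); /* ways 1, 3 */
    EnterCriticalSection(&g->cs); g->owner = GetCurrentThreadId(); g->depth++;
    return 0;
}
int gcs_leave(GuardedCS *g) {
    if (g->state != GCS_READY || g->depth == 0 || g->owner != GetCurrentThreadId())
        return gcs_fail("leave without a matching enter on this thread");
    if (--g->depth == 0) g->owner = 0;
    LeaveCriticalSection(&g->cs);
    return 0;
}
int gcs_delete(GuardedCS *g) {
    if (g->state != GCS_READY) return gcs_fail("delete of uninitialised/deleted section");
    if (g->depth != 0) return gcs_fail("delete while still owned");                     /* still held */
    DeleteCriticalSection(&g->cs); g->state = GCS_DELETED;
    return 0;
}
/* Replays both repros from the page on a zero-initialised global; returns misuses caught (2). */
int gcs_replay(void) {
    static GuardedCS g;
    int caught = (gcs_enter(&g) < 0);              /* repro 1: enter with no InitializeCriticalSection */
    gcs_init(&g); gcs_enter(&g); gcs_leave(&g); gcs_delete(&g);
    return caught + (gcs_enter(&g) < 0);           /* repro 2: enter after DeleteCriticalSection */
}
```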