<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>Hey I almost have this figured out.<BR>
I compared RTHeapInfo.ms's MM_RTHeapInfo PPC_DARWIN vs. NT386GNU.<BR>
They are almost the same.<BR>
Ok, anyway, I decided, duh, let's disassemble the garbage data and see if it is code. It is.<BR>
That roughly matches the PPC_DARWIN vs. NT386GNU diff where some numbers were off by 4.<BR>
Therefore:<BR>
<BR>
The module info is this:<BR>
0:000> dc 00681138<BR>00681138 00681138 00000000 00603de0 00681144<BR>
<BR>
when it should be:<BR>
<BR>
0:000> dc 00681138<BR>00681138 xxxxx 00603de0 00681144<BR>
<BR>
Two problems. One clear, one less clear.<BR>
<BR>
TYPE (* one of these is generated for each imported interface reference *)<BR> ImportInfo = RECORD<BR> import : ModulePtr;<BR> binder : Binder; (* returns "import" pointer *)<BR> next : ImportPtr;<BR> END;<BR><BR>
4 bytes of padding are between import and binder.<BR>
That makes binder get used for next, mixing up a pointer to code with a pointer to data. That's a big problem.<BR>
I understand.<BR>
<BR>
What I don't understand is the value of import. I walked the whole list of imports and in every case, the back pointer to the module was actually to the import itself. Huh?<BR>
<BR>
Perhaps I went wrong earlier and am off in the weeds... but I don't think so.<BR>
I mean, the pointers are to self in any case, and that's seldom correct data, unless they are empty circular singly linked lists...<BR>
<BR>
I'll dig a bit more..<BR>
<BR>
- Jay<BR>
<BR>
<BR>
Full debugging session... email is going to remove the newlines and make it unreadable, probably.<BR>
<BR>
<FONT face="Courier New, Courier, Monospace"> Module 0x681020 ..\src\runtime\common\RTHeapInfo.m3 Imports 0x6810c0{Import 0x0,<BR> Binder 0x0, Next 0x603d60}<BR> (f88.aec): Access violation - code c0000005 (first chance)<BR> First chance exceptions are reported before any exception handling.<BR> This exception may be expected and handled.<BR> eax=8be58955 ebx=00000001 ecx=611030e8 edx=00008889 esi=611021a0 edi=006147e0<BR> eip=006006a0 esp=0022cb70 ebp=0022cba8 iopl=0 nv up ei ng nz na pe nc<BR> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010286<BR> *** ERROR: Module load completed but symbols could not be loaded for image00400000<BR> <BR> <BR> image00400000+0x2006a0:<BR> 006006a0 8b00 mov eax,dword ptr [eax] ds:0023:8be58955=????????<BR> <BR> <BR> 0:000> dc 0x681020<BR> 00681020 00680fe0 00681054 00681154 00000000 ..h.T.h.T.h.....<BR> 00681030 00000000 00680f98 00000000 00680fdc ......h.......h.<BR> 00681040 00680fdc 006810c0 00000000 0060053f ..h...h.....?.`.<BR> 00681050 00000003 00000000 6c810e28 72d376bc ........(..l.v.r<BR> 00681060 1e527894 01000201 00000000 00000000 .xR.............<BR> 00681070 00000000 00681004 00000000 00000000 ......h.........<BR> 00681080 0068100c 00000000 e545939d 00000000 ..h.......E.....<BR> 00681090 00000000 00000000 00000000 00681008 ..............h.<BR> <BR> <BR> 0:000> dc 006810c0<BR></FONT><BR>
<FONT face="Courier New, Courier, Monospace"> 006810c0 00000000 00000000 00603d60 006810cc ........`=`...h.<BR> 006810d0 00000000 005fb070 006810d8 00000000 ....p._...h.....<BR> 006810e0 005fb4a0 006810e4 00000000 005f1c00 .._...h......._.<BR> 006810f0 006810f0 00000000 005f58d0 006810fc ..h......X_...h.<BR> 00681100 00000000 00606500 00681108 00000000 .....e`...h.....<BR> 00681110 006064f0 00681114 00000000 005f8790 .d`...h......._.<BR> 00681120 00681120 00000000 00605350 0068112c .h.....PS`.,.h.<BR> 00681130 00000000 00606520 00681138 00000000 .... e`.8.h.....</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">oops, code not data, let's try the next one</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 0:000> dc 00603d60<BR> <BR> <BR> 00603d60 8be58955 d0b80845 c900681a 909090c3 U...E....h......<BR> 00603d70 8be58955 90b80845 c900681b e58955c3 U...E....h...U..<BR> 00603d80 ec835657 08458b20 8904c083 1bf8a1c2 WV.. .E.........<BR> 00603d90 f4050068 8b000000 dc7d8d00 b8fcc689 h.........}.....<BR> 00603da0 00000007 a5f3c189 758dd789 07b8fcdc ...........u....<BR> 00603db0 89000000 83a5f3c1 5f5e20c4 9090c3c9 ......... ^_....<BR> 00603dc0 8be58955 70b80845 c900681c 909090c3 U...E..p.h......<BR> 00603dd0 8be58955 10b80845 c900681d 909090c3 U...E....h......</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 0:000> dc 006810cc</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 006810cc 006810cc 00000000 005fb070 006810d8 ..h.....p._...h.<BR> 006810dc 00000000 005fb4a0 006810e4 00000000 ......_...h.....<BR> 006810ec 005f1c00 006810f0 00000000 005f58d0 .._...h......X_.<BR> 006810fc 006810fc 00000000 00606500 00681108 ..h......e`...h.<BR> 0068110c 00000000 006064f0 00681114 00000000 .....d`...h.....<BR> 0068111c 005f8790 00681120 00000000 00605350 .._. .h.....PS`.<BR> 0068112c 0068112c 00000000 00606520 00681138 ,.h..... e`.8.h.<BR> 0068113c 00000000 00603de0 00681144 00000000 .....=`.D.h.....</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 0:000> dc 006810d8</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 006810d8 006810d8 00000000 005fb4a0 006810e4 ..h......._...h.<BR> 006810e8 00000000 005f1c00 006810f0 00000000 ......_...h.....<BR> 006810f8 005f58d0 006810fc 00000000 00606500 .X_...h......e`.<BR> 00681108 00681108 00000000 006064f0 00681114 ..h......d`...h.<BR> 00681118 00000000 005f8790 00681120 00000000 ......_. .h.....<BR> 00681128 00605350 0068112c 00000000 00606520 PS`.,.h..... e`.<BR> 00681138 00681138 00000000 00603de0 00681144 8.h......=`.D.h.<BR> 00681148 00000000 005dfc00 00000000 00680f00 ......].......h.</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">oops, this is code not data</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 005fb4a0</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">005fb4a0 8be58955 80b80845 c90067af 909090c3 U...E....g......<BR>005fb4b0 8be58955 40b80845 c90067b1 909090c3 U...E..@.g......<BR>005fb4c0 83e58955 45c738ec 000000dc 08458b00 U....8.E......E.<BR>005fb4d0 8b04c083 d8458900 83d8458b 1d7f0ff8 ......E..E......<BR>005fb4e0 8308458b e8500cec 00011e94 8910c483 .E....P.........<BR>005fb4f0 458be045 cc4589e0 0000f9e9 d8458b00 E..E..E.......E.<BR>005fb500 500cec83 0000f2e8 10c48300 8be04589 ...P.........E..<BR>005fb510 4589e045 d8458bdc 8e0fc085 000000d0 E..E..E.........</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">let's try the next one</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 006810e4<BR></FONT><BR>
<FONT face="Courier New, Courier, Monospace">006810e4 006810e4 00000000 005f1c00 006810f0 ..h......._...h.<BR>006810f4 00000000 005f58d0 006810fc 00000000 .....X_...h.....<BR>00681104 00606500 00681108 00000000 006064f0 .e`...h......d`.<BR>00681114 00681114 00000000 005f8790 00681120 ..h......._. .h.<BR>00681124 00000000 00605350 0068112c 00000000 ....PS`.,.h.....<BR>00681134 00606520 00681138 00000000 00603de0 e`.8.h......=`.<BR>00681144 00681144 00000000 005dfc00 00000000 D.h.......].....<BR>00681154 00680f00 00000000 6c810e28 00000002 ..h.....(..l....</FONT><BR>
<FONT face="Courier New, Courier, Monospace">show it to be code btw (I did this earlier, not sure what happened in the log;<BR>I cannot represent byte patterns as x86 code by sight, but the disassembly is spot on)</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> u 005f1c00</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">image00400000+0x1f1c00:<BR>005f1c00 55 push ebp<BR>005f1c01 89e5 mov ebp,esp<BR>005f1c03 8b4508 mov eax,dword ptr [ebp+8]<BR>005f1c06 b8a0906700 mov eax,offset image00400000+0x2790a0 (006790a0)<BR>005f1c0b c9 leave<BR>005f1c0c c3 ret<BR>005f1c0d 90 nop<BR>005f1c0e 90 nop</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">ok, so again let's try the next</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 006810f0</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">006810f0 006810f0 00000000 005f58d0 006810fc ..h......X_...h.<BR>00681100 00000000 00606500 00681108 00000000 .....e`...h.....<BR>00681110 006064f0 00681114 00000000 005f8790 .d`...h......._.<BR>00681120 00681120 00000000 00605350 0068112c .h.....PS`.,.h.<BR>00681130 00000000 00606520 00681138 00000000 .... e`.8.h.....<BR>00681140 00603de0 00681144 00000000 005dfc00 .=`.D.h.......].<BR>00681150 00000000 00680f00 00000000 6c810e28 ......h.....(..l<BR>00681160 00000002 00000000 00000000 00000000 ................</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 006810fc</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">006810fc 006810fc 00000000 00606500 00681108 ..h......e`...h.<BR>0068110c 00000000 006064f0 00681114 00000000 .....d`...h.....<BR>0068111c 005f8790 00681120 00000000 00605350 .._. .h.....PS`.<BR>0068112c 0068112c 00000000 00606520 00681138 ,.h..... e`.8.h.<BR>0068113c 00000000 00603de0 00681144 00000000 .....=`.D.h.....<BR>0068114c 005dfc00 00000000 00680f00 00000000 ..].......h.....<BR>0068115c 6c810e28 00000002 00000000 00000000 (..l............<BR>0068116c 00000000 79545452 52536570 33495f43 ....RTTypeSRC_I3</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 00681108</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">00681108 00681108 00000000 006064f0 00681114 ..h......d`...h.<BR>00681118 00000000 005f8790 00681120 00000000 ......_. .h.....<BR>00681128 00605350 0068112c 00000000 00606520 PS`.,.h..... e`.<BR>00681138 00681138 00000000 00603de0 00681144 8.h......=`.D.h.<BR>00681148 00000000 005dfc00 00000000 00680f00 ......].......h.<BR>00681158 00000000 6c810e28 00000002 00000000 ....(..l........<BR>00681168 00000000 00000000 79545452 52536570 ........RTTypeSR<BR>00681178 33495f43 00000000 00600750 00681170 C_I3....P.`.p.h.</FONT><BR>
<FONT face="Courier New, Courier, Monospace">it just keeps going, a pretty good linked list<BR>EXCEPT for the padding and the first pointer always looks wrong</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 00681114</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">00681114 00681114 00000000 005f8790 00681120 ..h......._. .h.<BR>00681124 00000000 00605350 0068112c 00000000 ....PS`.,.h.....<BR>00681134 00606520 00681138 00000000 00603de0 e`.8.h......=`.<BR>00681144 00681144 00000000 005dfc00 00000000 D.h.......].....<BR>00681154 00680f00 00000000 6c810e28 00000002 ..h.....(..l....<BR>00681164 00000000 00000000 00000000 79545452 ............RTTy<BR>00681174 52536570 33495f43 00000000 00600750 peSRC_I3....P.`.<BR>00681184 00681170 00000000 735c2e2e 725c6372 p.h.......\src\r</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 00681120</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">00681120 00681120 00000000 00605350 0068112c .h.....PS`.,.h.<BR>00681130 00000000 00606520 00681138 00000000 .... e`.8.h.....<BR>00681140 00603de0 00681144 00000000 005dfc00 .=`.D.h.......].<BR>00681150 00000000 00680f00 00000000 6c810e28 ......h.....(..l<BR>00681160 00000002 00000000 00000000 00000000 ................<BR>00681170 79545452 52536570 33495f43 00000000 RTTypeSRC_I3....<BR>00681180 00600750 00681170 00000000 735c2e2e P.`.p.h.......\s<BR>00681190 725c6372 69746e75 635c656d 6f6d6d6f rc\runtime\commo</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 0068112c</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0068112c 0068112c 00000000 00606520 00681138 ,.h..... e`.8.h.<BR>0068113c 00000000 00603de0 00681144 00000000 .....=`.D.h.....<BR>0068114c 005dfc00 00000000 00680f00 00000000 ..].......h.....<BR>0068115c 6c810e28 00000002 00000000 00000000 (..l............<BR>0068116c 00000000 79545452 52536570 33495f43 ....RTTypeSRC_I3<BR>0068117c 00000000 00600750 00681170 00000000 ....P.`.p.h.....<BR>0068118c 735c2e2e 725c6372 69746e75 635c656d ..\src\runtime\c<BR>0068119c 6f6d6d6f 54525c6e 65707954 2e435253 ommon\RTTypeSRC.</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">0:000> dc 00681138</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace">00681138 00681138 00000000 00603de0 00681144 8.h......=`.D.h.<BR>00681148 00000000 005dfc00 00000000 00680f00 ......].......h.<BR>00681158 00000000 6c810e28 00000002 00000000 ....(..l........<BR>00681168 00000000 00000000 79545452 52536570 ........RTTypeSR<BR>00681178 33495f43 00000000 00600750 00681170 C_I3....P.`.p.h.<BR>00681188 00000000 735c2e2e 725c6372 69746e75 ......\src\runti<BR>00681198 635c656d 6f6d6d6f 54525c6e 65707954 me\common\RTType<BR>006811a8 2e435253 00003369 0068118c 00000000 SRC.i3....h.....</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 0:000> dc 00681144</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 00681144 00681144 00000000 005dfc00 00000000 D.h.......].....<BR> 00681154 00680f00 00000000 6c810e28 00000002 ..h.....(..l....<BR> 00681164 00000000 00000000 00000000 79545452 ............RTTy<BR> 00681174 52536570 33495f43 00000000 00600750 peSRC_I3....P.`.<BR> 00681184 00681170 00000000 735c2e2e 725c6372 p.h.......\src\r<BR> 00681194 69746e75 635c656d 6f6d6d6f 54525c6e untime\common\RT<BR> 006811a4 65707954 2e435253 00003369 0068118c TypeSRC.i3....h.<BR> 006811b4 00000000 00000000 00000000 00000000 ................</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> another confirmation of a code pointer</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> 0:000> u 005dfc00</FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> image00400000+0x1dfc00:<BR> 005dfc00 55 push ebp<BR> 005dfc01 89e5 mov ebp,esp<BR> 005dfc03 8b4508 mov eax,dword ptr [ebp+8]<BR> 005dfc06 b800516700 mov eax,offset image00400000+0x275100 (00675100)<BR> 005dfc0b c9 leave<BR> 005dfc0c c3 ret<BR> 005dfc0d 90 nop<BR> 005dfc0e 90 nop</FONT><BR>
<FONT face="Courier New, Courier, Monospace"> 0:000></FONT><BR>
<BR><FONT face="Courier New, Courier, Monospace"> This is the nice thing about command line debuggers, a textual log.</FONT><BR>
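<BR>
Added example (not part of the post, Jay's debugger session, or the Modula-3 runtime): a small C program that takes the words of the import table exactly as dumped above (copied from the dc 006810c0 and dc 006810d8 output, starting at 0x6810c0) and walks the list under three candidate readings of ImportInfo: the 12-byte record as declared, the 16-byte record with a 4-byte hole after import that the post proposes, and, as an assumption introduced here only, the 12-byte record with a constant +4 applied to every pointer into the table (the "off by 4" figure from the post's diff). Before following any field it checks that the field's address class matches its declared type (import: NIL or data, binder: code, next: NIL or data), so a code pointer is never dereferenced as a record, and it counts records whose import is the record's own address, the anomaly the post flags. The code/data address ranges are assumed from the addresses seen in the dump.<BR>

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example; not code from the post or the Modula-3 runtime.
 * The 38 words below are copied from the `dc 006810c0` / `dc 006810d8`
 * dumps in the post (little-endian 32-bit words starting at 0x6810c0).
 * The address classes, the layout hypotheses and the +4 correction are
 * assumptions made for this example only. */
#define TABLE_BASE 0x006810c0u
static const uint32_t table[] = {
    0x00000000, 0x00000000, 0x00603d60, 0x006810cc,
    0x00000000, 0x005fb070, 0x006810d8, 0x00000000,
    0x005fb4a0, 0x006810e4, 0x00000000, 0x005f1c00,
    0x006810f0, 0x00000000, 0x005f58d0, 0x006810fc,
    0x00000000, 0x00606500, 0x00681108, 0x00000000,
    0x006064f0, 0x00681114, 0x00000000, 0x005f8790,
    0x00681120, 0x00000000, 0x00605350, 0x0068112c,
    0x00000000, 0x00606520, 0x00681138, 0x00000000,
    0x00603de0, 0x00681144, 0x00000000, 0x005dfc00,
    0x00000000, 0x00680f00,
};
#define TABLE_WORDS (sizeof table / sizeof table[0])
#define TABLE_END   (TABLE_BASE + 4u * TABLE_WORDS)

/* Assumed address classes, picked from the addresses in the dump: the
 * binders disassembled at 0x5dfc00..0x603dxx are code, the module and
 * import tables at 0x680fxx..0x6811xx are data. */
enum cls { NIL, CODE, DATA, OTHER };
static enum cls classify(uint32_t a) {
    if (a == 0) return NIL;
    if (a >= 0x005d0000u && a < 0x00610000u) return CODE;
    if (a >= 0x00680000u && a < 0x00690000u) return DATA;
    return OTHER;
}

/* Bounds-checked read of the word at target address `a`; returns 0 if the
 * address is outside the captured table or misaligned. */
static int peek(uint32_t a, uint32_t *out) {
    if (a < TABLE_BASE || a + 4 > TABLE_END || (a & 3)) return 0;
    *out = table[(a - TABLE_BASE) / 4];
    return 1;
}

/* One layout hypothesis: field offsets inside an ImportInfo record, plus a
 * constant `fix` added to every pointer into the table before it is used. */
struct layout { uint32_t import_off, binder_off, next_off; int32_t fix; };
struct report { int records; int self_imports; uint32_t bad_at; };

/* Walk the import list from `start` under `lay`, refusing to follow a field
 * whose address class does not fit its declared type:
 *   import : NIL or DATA  (ModulePtr, filled in by the linker)
 *   binder : CODE         (a procedure returning the module pointer)
 *   next   : NIL or DATA  (ImportPtr)
 * `records` is the number of well-formed records visited; `bad_at` is the
 * record address of the first violation (0 if the walk ended on NIL). */
static struct report walk(uint32_t start, const struct layout *lay) {
    struct report r = {0, 0, 0};
    uint32_t p = start;
    for (int guard = 0; guard < 64 && p != 0; guard++) {
        uint32_t rec = p + (uint32_t)lay->fix;
        uint32_t imp, bind, next;
        if (!peek(rec + lay->import_off, &imp) ||
            !peek(rec + lay->binder_off, &bind) ||
            !peek(rec + lay->next_off, &next)) { r.bad_at = rec; break; }
        enum cls ci = classify(imp), cb = classify(bind), cn = classify(next);
        if ((ci != NIL && ci != DATA) || cb != CODE || (cn != NIL && cn != DATA)) {
            r.bad_at = rec; break;
        }
        r.records++;
        if (imp == rec) r.self_imports++;   /* the "pointer to self" the post saw */
        p = next;
    }
    return r;
}

/* The two readings compared in the post, plus the constant-offset variant. */
static const struct layout declared12 = { 0, 4, 8,  0 };  /* RECORD as written, 12 bytes */
static const struct layout padded16   = { 0, 8, 12, 0 };  /* 4-byte hole after import */
static const struct layout shifted12  = { 0, 4, 8,  4 };  /* 12 bytes, every pointer +4 (assumption) */

int main(void) {
    const struct { const char *name; const struct layout *l; } cases[] = {
        { "declared 12-byte",     &declared12 },
        { "padded 16-byte",       &padded16 },
        { "12-byte, pointers +4", &shifted12 },
    };
    for (size_t i = 0; i < 3; i++) {
        struct report r = walk(TABLE_BASE, cases[i].l);
        printf("%-22s records=%2d self-imports=%2d first violation at %#lx\n",
               cases[i].name, r.records, r.self_imports, (unsigned long)r.bad_at);
    }
    return 0;
}
```

On this image the declared layout stops at the very first record (its binder slot reads as 0), the padded layout follows all 12 records but 11 of them have import equal to their own address, and the +4 variant follows 12 records with every import NIL and no self-imports. The class check is the general point: a runtime that walks compiler-emitted tables should validate a pointer's class before dereferencing it, which turns a silent jump from data into code into a diagnosable failure at the first bad record.<BR>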
</body>
</html>