Mail Archives: cygwin/2002/06/17/18:33:28
RLO>> setup.exe Application Error message box:
RLO>> The instruction at "0x0042fa24" referenced memory at "0x00000000". The
RLO>> memory could not be "read".
PT> Cool! :) Let me see if I can dig up something from the above
PT> information.
Ok, here is more information on the subject - though incomplete :(
This is a part of the disassembly listing of package_meta::uninstall where
the crash occurs. It is from the UPX decompressed version of setup.exe
2.249.2.3. There are comments throughout to let you know what happens.
0042F98F call DeleteFileA ; package_meta.cc The second DeleteFileA call in the uninstall() method
0042F994 add esp, 14h
0042F997
0042F997 loc_42F997: ; CODE XREF: sub_42F524+375j sub_42F524+37Ej
0042F997 mov eax, [ebp+arg_0] ; eax == this pointer
0042F99A add esp, 0FFFFFFF8h
0042F99D mov edx, [eax+24h] ; edx == this->installed
0042F9A0 mov ecx, [edx+80h]
0042F9A6 movsx eax, word ptr [ecx+40h]
0042F9AA add edx, eax
0042F9AC push edx
0042F9AD push esi
0042F9AE mov eax, [ecx+44h]
0042F9B1 call eax ; installed->getnextfile() ??
0042F9B3 mov edx, [edi+4]
0042F9B6 add esp, 0Ch
0042F9B9 mov eax, [edx+4]
0042F9BC mov [ebp+var_100], eax
0042F9C2 mov [ebp+var_FC], offset sub_439F5C ; class String destructor
0042F9CC lea eax, [ebp+var_100]
0042F9D2 mov [ebp+var_F8], esi
0042F9D8 mov [edx+4], eax
0042F9DB mov eax, [ebp+var_70] ; class String operator = (const String&) (inlined); eax == aString.theData
0042F9DE inc dword ptr [eax] ; Increase aString.theData->count
0042F9E0 mov eax, [ebp+var_20] ; eax == this->theData
0042F9E3 dec dword ptr [eax] ; Decrease this->theData->count
0042F9E5 jnz short loc_42F9FC
0042F9E7 mov eax, [ebp+var_20]
0042F9EA test eax, eax
0042F9EC jz short loc_42F9FC
0042F9EE add esp, 0FFFFFFF8h
0042F9F1 push 3
0042F9F3 push eax
0042F9F4 call sub_439DDC
0042F9F9 add esp, 10h
0042F9FC
0042F9FC loc_42F9FC: ; CODE XREF: sub_42F524+4C1j sub_42F524+4C8j
0042F9FC mov eax, [ebp+var_70]
0042F9FF add esp, 0FFFFFFF8h
0042FA02 mov [ebp+var_20], eax
0042FA05 mov edx, [edi+4]
0042FA08 mov eax, [edx+4]
0042FA0B mov eax, [eax]
0042FA0D mov [edx+4], eax
0042FA10 push 2
0042FA12 push esi
0042FA13 call sub_439F5C ; class String destructor
0042FA18 mov edx, [edi+4] ; EDI contains the return value of __get_eh_context.
0042FA1B add esp, 10h
0042FA1E add esp, 0FFFFFFF8h
0042FA21 mov eax, [edx+4]
0042FA24 mov eax, [eax] ; The crash occurs HERE!!!
0042FA26 mov [edx+4], eax
0042FA29 push 2
0042FA2B lea edx, [ebp+var_40]
0042FA2E push edx
0042FA2F call sub_439F5C ; class String destructor
0042FA34 add esp, 10h
0042FA37 mov eax, [ebp+var_20] ; class String size() (inlined)
0042FA3A cmp dword ptr [eax+0Ch], 0
0042FA3E jnz loc_42F61C ; loop until empty line
From what I can see it seems like the EDI register gets overwritten
at some point. Since I cannot reproduce the crash I can't determine
who exactly overwrites it (if someone does at all ;) ) and it's too
late now to continue...
P.S. Btw I noticed something though I am not sure it has something to
do with the problem. In the String class there is allocation of memory with zero
size - this is not cool, especially if you try to write to it and
especially when you're using msvcrt.dll.
However... :)
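The cleanup-record chain the listing walks through EDI, as an added C model that is not from the poster or from setup.exe; the struct names and layouts are assumptions fitted to the listed offsets (edi -> eh context, [edi+4] -> chain head, record = {next, destructor, object}), and pop_cleanup makes explicit the NULL check the listing lacks at 0042FA24.

```c
/* Model of the cleanup-record chain the listing walks. Added illustration,
 * not code from the poster or from cygwin setup.exe; struct layouts and
 * names are assumptions chosen to match the listing's offsets:
 * edi -> eh context, [edi+4] -> chain head, record = {next, dtor, obj}. */
#include <stddef.h>

typedef struct cleanup_rec {
    struct cleanup_rec *next;           /* [rec+0]: popped into [ctx+4] */
    void (*dtor)(void *obj, int flags); /* [rec+4]: e.g. sub_439F5C */
    void *obj;                          /* [rec+8]: object to destroy */
} cleanup_rec;

typedef struct eh_context {
    void *reserved;     /* [ctx+0]: not touched by the listing */
    cleanup_rec *head;  /* [ctx+4]: edx = [edi+4]; eax = [edx+4] */
} eh_context;

/* "mov [edx+4], eax" with eax = &rec: push a record on the chain. */
static void push_cleanup(eh_context *ctx, cleanup_rec *rec,
                         void (*dtor)(void *, int), void *obj) {
    rec->next = ctx->head;
    rec->dtor = dtor;
    rec->obj = obj;
    ctx->head = rec;
}

/* "mov eax,[edx+4]; mov eax,[eax]; mov [edx+4],eax": unlink the top record.
 * The listing has no NULL check, so an empty chain turns "mov eax,[eax]"
 * into a read of address 0, the fault the poster reports at 0042FA24.
 * Here the check is explicit and the caller is told about it. */
static int pop_cleanup(eh_context *ctx) {
    if (ctx->head == NULL)
        return -1;                  /* the listing would crash here */
    ctx->head = ctx->head->next;
    return 0;
}

/* Replay a given number of pushes then pops, as the uninstall loop does
 * per iteration, and count the pops that would have dereferenced NULL. */
static int count_bad_pops(int pushes, int pops) {
    eh_context ctx = { NULL, NULL };
    cleanup_rec recs[8];
    int bad = 0, i;
    for (i = 0; i < pushes && i < 8; i++)
        push_cleanup(&ctx, &recs[i], NULL, NULL);
    for (i = 0; i < pops; i++)
        if (pop_cleanup(&ctx) != 0) bad++;
    return bad;
}
```

A balanced push/pop sequence returns 0; every pop beyond the pushes is one that, in the real binary, reads from address 0.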