From: sandmann AT clio DOT rice DOT edu (Charles Sandmann)
Message-Id: <10104061815.AA12163@clio.rice.edu>
Subject: Re: That crash message from the core dumper.
To: eliz AT is DOT elta DOT co DOT il
Date: Fri, 6 Apr 2001 13:15:34 -0500 (CDT)
Cc: n_abing AT ns DOT roxas-online DOT net DOT ph (Nimrod A. Abing), djgpp-workers AT delorie DOT com
In-Reply-To: <2593-Fri06Apr2001115334+0300-eliz@is.elta.co.il> from "Eli Zaretskii" at Apr 06, 2001 11:53:35 AM
X-Mailer: ELM [version 2.5 PL2]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Reply-To: djgpp-workers AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk

> Yes: it crashes on this instruction:
>
>   0x8ec1 : repz movsl %ds:(%esi),%es:(%edi)
>
> > Page fault at eip=00008e91, error=0004
> > eax=00000000 ebx=00004000 ecx=00001000 edx=0000f620 esi=00030000 edi=0000f620
> > ds: sel=00ff base=830bf000 limit=002f5fff
> >
> > Call frame traceback EIPs:
> >   0x00008e91 ___dj_movedata+33
>
> Since this is a Page Fault, and the error code is 4, the primary
> suspect is the value of ESI, which points to the address where the
> data is read from.

> Charles, is it possible for another program, such as an antivirus,
> to cause a Page Fault by something its code does, but have Windows abort
> our program instead?

On the basis of the DPMI memory blocks, I would expect this address to be valid (it's a 192Kb offset from the base; it's possible the DPMI memory block size/address chain is buggy in our code - or the dumper's interpretation of it - but I would hope unlikely). Since it is on a 64K boundary it could be that the size/bases of the blocks are not being recorded/interpreted properly and this might be the problem here.

A dump of the memory handles would probably be useful information here.

I'd like a simple experiment here - set the crt0 flag to deadbeef or zero the memory. When we dump the memory we are also dumping memory we may have not touched yet. It's possible that the antivirus software somehow changes Windows' behavior in this case (Windows bug? Uninitialized behavior? On purpose?)

> In other words, what could be a reason for a program to get a Page
> Fault if the instruction is a perfectly valid one and all the
> registers hold valid values?

The DPMI provider may internally get a page fault if the page hasn't been committed to memory yet, or is paged out into the page file. It should transparently handle it, but for some reason it doesn't in this case and sends the exception to our handler. Maybe also a byproduct of the other installed software, but hard to tell.
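
The triage reasoning in this exchange, carried through on the quoted register values, as an added example that is not part of the original message or of DJGPP's code. It assumes the standard IA-32 page-fault error code layout reaches the handler unchanged; the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* IA-32 page-fault error code bits (assumed passed through unchanged). */
#define PF_PROT  0x1u  /* 0 = page not present, 1 = protection violation */
#define PF_WRITE 0x2u  /* 0 = read access,      1 = write access */
#define PF_USER  0x4u  /* 1 = fault raised at CPL 3 */

enum suspect { SUSPECT_SRC_ESI, SUSPECT_DST_EDI };

/* For a string move, a read fault implicates the source pointer (ESI),
   a write fault the destination pointer (EDI). */
enum suspect movs_suspect(uint32_t err) {
    return (err & PF_WRITE) ? SUSPECT_DST_EDI : SUSPECT_SRC_ESI;
}

int pf_not_present(uint32_t err) { return (err & PF_PROT) == 0; }

/* Last byte offset "rep movsl" still has to touch: ECX dwords remain from
   off. Computed in 64 bits so a huge ECX cannot wrap around. */
uint64_t movsl_last_byte(uint32_t off, uint32_t ecx) {
    return (uint64_t)off + (uint64_t)ecx * 4u - 1u;
}

/* A segment limit is the highest valid byte offset in the segment. */
int within_limit(uint32_t off, uint32_t ecx, uint32_t limit) {
    return ecx == 0 || movsl_last_byte(off, ecx) <= limit;
}

int on_64k_boundary(uint32_t off) { return (off & 0xFFFFu) == 0; }

int main(void) {
    /* Values copied from the traceback quoted in the message. */
    uint32_t err = 0x0004, ecx = 0x00001000, esi = 0x00030000,
             ds_limit = 0x002f5fff;

    printf("access: %s, page %s, %s mode\n",
           (err & PF_WRITE) ? "write" : "read",
           pf_not_present(err) ? "not present" : "protection violation",
           (err & PF_USER) ? "user" : "supervisor");
    printf("suspect pointer: %s\n",
           movs_suspect(err) == SUSPECT_SRC_ESI ? "ESI" : "EDI");
    printf("source %#x..%#llx (%u KB from base), inside DS limit: %s\n",
           (unsigned)esi, (unsigned long long)movsl_last_byte(esi, ecx),
           (unsigned)(esi / 1024u), within_limit(esi, ecx, ds_limit) ? "yes" : "no");
    printf("ESI on 64K boundary: %s\n", on_64k_boundary(esi) ? "yes" : "no");
    return 0;
}
```

For the traceback values the remaining source range lies inside the DS limit and the error code reports a read of a not-present page, which is consistent with the uncommitted-page explanation given in the reply.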