
I'm debugging what seems to be a memory overwrite, and it seems to happen at the same place in memory, but since the program's starting address is different every time I can't reliably set a data breakpoint inside Visual Studio.

Is there a way to do this? I'm on Windows 8.1 using VS. A colleague thought there was a hint you could pass but wasn't sure what it was. I've tried googling but have failed because I'm not sure what to search for or how to phrase it.

The exceptions that I catch are found by Application Verifier, I'm going to try and do some magic to the allocators in the code base to see if we can get more info that way.

Here are the latest three exceptions, as you can see they are close but not identical:

First-chance exception at 0xf5cdb1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9dfed000.

First-chance exception at 0xf625b1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9eadd000.

First-chance exception at 0xf5ccb1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9ddbd000.

Srekel
    You can ask for the program to be loaded at the preferred base address using the [`/FIXED`](http://msdn.microsoft.com/en-us/library/w368ysh2.aspx) flag. Is that what you want? The base address can be set with [`/BASE`](http://msdn.microsoft.com/en-us/library/f7f5138s.aspx). – user703016 May 22 '14 at 14:52
    [Turning off ASLR](http://stackoverflow.com/questions/9560993/how-do-you-disable-aslr-address-space-layout-randomization-on-windows-7-x64) temporarily would probably do the trick. Also, make sure you've enabled Full-Page Heap in App Verifier. – nobody May 22 '14 at 16:01
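
Before choosing between pinning the image base (the `/FIXED` and `/BASE` route from the comments) and the stack-walk route, it is worth checking whether the faulting data address even moves with the code. The following is an added example, not code from the question or its answers: it parses the three first-chance exception lines quoted above and compares the run-to-run shift of the code address with the shift of the data address. If both shift by the same delta, they sit in the same relocated image and `base + RVA` (or a fixed base) will make the data address repeat; if they shift by different deltas, the data lives somewhere else (heap, another DLL) and no linker switch will make it repeat. The helper names (`parse_fault_line`, `rva_of`, `rebase`, `fault_moves_with_code`, `is_page_boundary`, `current_image_base`) and the image bases used in the comments are mine; `GetModuleHandleW` is the real Win32 call for the running image's base and is compiled only on Windows.

```c
/*
 * Added example, not code from the question or its answers.
 *
 * Reads the three "First-chance exception" lines quoted in the question
 * and checks whether the faulting data address moves together with the
 * faulting code address between runs. Same delta: both live in one
 * relocated image, so a fixed base (or base + RVA) pins the data address.
 * Different deltas: the data is elsewhere (heap, another module) and no
 * linker flag will make that address repeat.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three lines exactly as posted in the question. */
static const char *const kLogLines[] = {
    "First-chance exception at 0xf5cdb1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9dfed000.",
    "First-chance exception at 0xf625b1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9eadd000.",
    "First-chance exception at 0xf5ccb1cc in xx_win32_debug.exe: 0xC0000005: Access violation reading location 0x9ddbd000.",
};
enum { kNumLogLines = sizeof kLogLines / sizeof kLogLines[0] };

typedef struct {
    uint32_t code; /* instruction address at the fault (32-bit process) */
    uint32_t data; /* address the instruction tried to read */
} fault_t;

/* Parse one VS output line; returns 1 on success, 0 if the line does not match. */
int parse_fault_line(const char *line, fault_t *out) {
    unsigned int code, data;
    const char *p = strstr(line, "exception at 0x");
    const char *q = strstr(line, "location 0x");
    if (!p || !q) return 0;
    if (sscanf(p, "exception at 0x%x", &code) != 1) return 0;
    if (sscanf(q, "location 0x%x", &data) != 1) return 0;
    out->code = (uint32_t)code;
    out->data = (uint32_t)data;
    return 1;
}

/* RVA = address - image base; it is what stays constant when ASLR moves the image. */
uint32_t rva_of(uint32_t addr, uint32_t image_base) { return addr - image_base; }

/* Next run: same RVA, new base (the bases in the tests are constructed values). */
uint32_t rebase(uint32_t rva, uint32_t new_image_base) { return new_image_base + rva; }

/*
 *  1 -> code and data shifted by the same amount between the two runs
 *       (same image; a fixed base would make the data address repeat)
 *  0 -> different shifts (heap or another module; walk the stack or
 *       instrument the allocator instead)
 * -1 -> a line did not parse
 */
int fault_moves_with_code(const char *line_a, const char *line_b) {
    fault_t a, b;
    if (!parse_fault_line(line_a, &a) || !parse_fault_line(line_b, &b)) return -1;
    return (b.code - a.code) == (b.data - a.data);
}

/* A read fault on a page-aligned address is what walking off the end of an
 * allocation into an inaccessible page looks like, which is the situation
 * Application Verifier's full page heap deliberately sets up for overruns. */
int is_page_boundary(uint32_t addr) { return (addr & 0xFFFu) == 0; }

#ifdef _WIN32
#include <windows.h>
/* Actual image base of this run, to pair with the RVA kept from the last one. */
uintptr_t current_image_base(void) { return (uintptr_t)GetModuleHandleW(NULL); }
#endif

int main(void) {
    fault_t f[kNumLogLines];
    for (int i = 0; i < kNumLogLines; i++) {
        if (!parse_fault_line(kLogLines[i], &f[i])) { printf("line %d did not parse\n", i); return 1; }
        printf("run %d: code 0x%08x data 0x%08x%s\n", i, f[i].code, f[i].data,
               is_page_boundary(f[i].data) ? " (page boundary)" : "");
    }
    for (int i = 1; i < kNumLogLines; i++) {
        printf("run 0 -> run %d: code delta 0x%08x, data delta 0x%08x: %s\n", i,
               f[i].code - f[0].code, f[i].data - f[0].data,
               fault_moves_with_code(kLogLines[0], kLogLines[i]) == 1
                   ? "same image" : "data is not in the faulting image");
    }
    return 0;
}
```

On the page's own numbers the code address moves by 0x580000 between the first two runs while the data address moves by 0xAF0000 (and 0x10000 versus 0x230000 for the first and third), so the data is not in the image that faults, which is the case the answer below anticipates for heap memory. All three data addresses are also page-aligned (low bits 0x000), consistent with reading one byte past a full-page-heap allocation into the guard page. In that situation the useful stable quantity is not an absolute address but the allocation itself, which is why the allocator-side instrumentation mentioned in the question is the more promising direction.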

1 Answer


If I can offer another approach entirely:

Once the exception is thrown, just climb up the call stack and find the line of code causing the overwrite. Set a breakpoint right before this moment, and you should be able to glean the steps leading to the exception.

Trying to work backwards from a specific memory address seems overly difficult, and prone to all sorts of unreproducible conditions. For example, I would think if the memory in question is allocated from the heap, then your program's starting address won't make a bit of difference.

BTownTKD