Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (21 April 2014 - 09:11 PM) Hey, Ritesh, Did You Hear Me?
@  yordan : (14 April 2014 - 05:28 PM) By The Way, This Could Be An Interesting Subject For A Topic, What About Posting This Question? Let's See If Other People Have The Same Feeling Concerning Bootlists!
@  yordan : (13 April 2014 - 09:36 AM) Boot Order : Cd, [Usb,] Hard Drive :D
@  yordan : (11 April 2014 - 07:23 PM) I Simply Let The Bios Do That
@  Ritesh : (11 April 2014 - 10:23 AM) Is It Possible To Launch Fedora Live Cd Or Installation Disk From Hard Drive On Windows Platform Using Grub Mbr File.
@  Ritesh : (11 April 2014 - 10:21 AM) No U Are Not.. Btw.. I Have Question For You.
@  yordan : (10 April 2014 - 08:02 AM) You Are Partially Right.
I Was Not.
Nevertheless, I Am Again :)
@  Ritesh : (09 April 2014 - 07:33 PM) :P
@  Ritesh : (09 April 2014 - 07:33 PM) I Think U R Not..
@  yordan : (09 April 2014 - 09:28 AM) I'm The Master Of The Shoutbox!
@  yordan : (05 April 2014 - 10:32 PM) He-He
@  Ritesh : (04 April 2014 - 06:59 PM) Ha Ha Ha ....
@  yordan : (04 April 2014 - 11:15 AM) Welcome Back, Starscream!
@  yordan : (03 April 2014 - 02:31 PM) And I Hope That He Will Come Back Soon :)
@  yordan : (01 April 2014 - 02:53 PM) Nice, Ritesh Came, I'm Not Home Alone Today.
@  Ritesh : (01 April 2014 - 08:51 AM) Oh!!! Poor Dear Yordan..
@  yordan : (31 March 2014 - 10:02 AM) I'm A Poor Lonesome Cow-Boy
@  yordan : (27 March 2014 - 02:22 PM) He Is Unpatient Due To His Patients!
@  Ritesh : (27 March 2014 - 10:46 AM) :(
@  Ritesh : (27 March 2014 - 10:46 AM) He Is Busy With His Patients.

Replying to Yahoo! Protocol: Part 17 - Crash


Post Options

    • Can't make it out? Click here to generate a new image

  or Cancel


Topic Summary

tansqrx

Posted 29 April 2007 - 05:32 AM

The results from a crash can be simply summarized in the following statement: “Access violation when reading (00730079). In windows terms, an access violation occurs when a program tries to read information from a protected area in memory or a section of memory that does not belong to that particular program. In this case, Yahoo! Messenger tried to read the memory address 00730079. Table 2 shows the currently allocated memory areas for Messenger sorted by ascending address.

Posted Image

Table 2 - Currently Allocated Memory Addresses


It is seen that 00730079 is not included as a valid address and thus the memory access violation occurs.

Posted Image

Table 3 - Registers

By examining the processor registers, as shown in Table 3, the EIP or instruction pointer is set to the value of MSVCR71.7C3417E1. MSVCR71 is one of the external dynamic link libraries (DLL) loaded by messenger at run time, and is a common DLL supplied by Microsoft. Through examination of the source assembly, it is found that this instructions lies within the strlen function and the instruction that caused the fault is MOV AL, BYTE PTR DS:[ECX]. This instruction moves the contents of the address located at ECX into the lower part of the EAX. ECX is unreadable and thus the access violation.
After much experimentation it was found that a single shared files packet would not cause a crash. Even if multiple packets were sent, if enough time has elapsed between the packets Messenger will not crash. Only if a second packet is received by Messenger before processing is complete on the first packet will the access violation occur. This leads me to conclude that the packet being received by Messenger is not so much of the problem as timing issues within Messenger. By adding break points to the program, it is found that considerable processing is performed between certain types of packets. One such packet is the P2P file transfer packet used in the shared files boot. Several registry accesses are performed and in total over 10,000 operations are performed before this type of packet is fully processed. Even with lighting fast speeds of current processors, this lag gives plenty of time for a second packet to be received by a relatively slow network connection.
This theory is further supported by studying other boot code. Although different packets are used, every boot needs to send multiple packets in rapid succession and all boots result in an access violation at address 00730079.

Review the complete topic (launches new window)