Problem - GDI+ or WinDbg?

sinsi · April 12, 2025, 06:10:46 PM

This short code

    include \masm32\include\masm32rt.inc
    include \masm32\include\gdiplus.inc
    includelib \masm32\lib\gdiplus.lib

.data
    gdii GdiplusStartupInput <1>
    GDItoken    dd ?
.code

    start proc
        invoke GdiplusStartup,ADDR GDItoken,ADDR gdii,0
        invoke GdiplusShutdown,GDItoken
        invoke ExitProcess, eax
    start endp
end

crashes in the middle of GdiplusShutdown somewhere and makes WinDbg (program and app) do this

Code Select

GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
Unable to get program counter
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
Unable to get current machine context, Win32 error 0n5

Does anyone else with a different debugger get any problem?
Just run the program and let it finish.

zedd151 · April 12, 2025, 06:56:04 PM

Runs fine on Windows 10 64 bit 22H2 - in 32 bit, running in ollydbg. No crash, no exception thrown.
Both calls return 0 in eax, indicating succes.

zedd151 · April 12, 2025, 07:01:24 PM

I also made a 64 bit version. Runs fine Windows 10 22H2, x64dbg.

No crash, no exceptions, both return with 0 in rax.

six_L · April 12, 2025, 07:03:31 PM

Hi,sinsi
No crash, no exception thrown.

Code Select

.data?
    m_gdiplusToken    dd ?



.code

InitGgdiplus proc
    local @gdis:GdiplusStartupInput
    
    mov    @gdis.GdiplusVersion,1
    mov    @gdis.DebugEventCallback,0
    mov    @gdis.SuppressBackgroundThread,0
    mov    @gdis.SuppressExternalCodecs,0
    invoke    GdiplusStartup,addr m_gdiplusToken,addr @gdis,NULL
    ret

InitGgdiplus endp

WinMainCRTStartup Proc
    int 3
    invoke    InitGgdiplus
    invoke    GdiplusShutdown,m_gdiplusToken
    invoke    ExitProcess,NULL    
WinMainCRTStartup Endp

maybe Here(gdii GdiplusStartupInput <1>) is error.

zedd151 · April 12, 2025, 07:09:45 PM

Quote from: six_L on April 12, 2025, 07:03:31 PMmaybe Here(gdii GdiplusStartupInput <1>) is error.

I have been pre-initializing GdiplusStartupInput with <1,0,0,0> more recently myself.

No need for this that way:

Code Select

    mov    @gdis.GdiplusVersion,1
    mov    @gdis.DebugEventCallback,0
    mov    @gdis.SuppressBackgroundThread,0
    mov    @gdis.SuppressExternalCodecs,0

It shoudn't be an issue in sinsi's case it is in '.data'. He iniatialzes the first member, all others are already zero on program startup. That is what I used for these tests.

zedd151 · April 12, 2025, 07:16:15 PM

For completeness, as this is the final debugger on my machine...

Runs fine on Windows 10 64 bit 22H2 - in 32 bit, running in x32dbg.
No crash, no exception thrown.

Both calls return 0 in eax, indicating succes.

sinsi · April 12, 2025, 07:26:18 PM

Here is the windbg session

Code Select

eax=0019ffcc ebx=00298000 ecx=00401000 edx=00401000 esi=00401000 edi=00401000
eip=00401000 esp=0019ff78 ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x1000:
00401000 6a00            push    0
0:000> p
eax=0019ffcc ebx=00298000 ecx=00401000 edx=00401000 esi=00401000 edi=00401000
eip=00401002 esp=0019ff74 ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x1002:
00401002 6800304000      push    offset sinsi_gdip+0x3000 (00403000)
0:000> p
eax=0019ffcc ebx=00298000 ecx=00401000 edx=00401000 esi=00401000 edi=00401000
eip=00401007 esp=0019ff70 ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x1007:
00401007 6810304000      push    offset sinsi_gdip+0x3010 (00403010)
0:000> p
eax=0019ffcc ebx=00298000 ecx=00401000 edx=00401000 esi=00401000 edi=00401000
eip=0040100c esp=0019ff6c ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x100c:
0040100c e81d000000      call    sinsi_gdip+0x102e (0040102e)
0:000> p
ModLoad: 6eda0000 6ee22000   C:\WINDOWS\SysWOW64\uxtheme.dll
eax=00000000 ebx=00298000 ecx=00000000 edx=00030000 esi=00401000 edi=00401000
eip=00401011 esp=0019ff78 ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x1011:
00401011 ff3510304000    push    dword ptr [sinsi_gdip+0x3010 (00403010)] ds:002b:00403010=10b43579
0:000> p
eax=00000000 ebx=00298000 ecx=00000000 edx=00030000 esi=00401000 edi=00401000
eip=00401017 esp=0019ff74 ebp=0019ff84 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
sinsi_gdip+0x1017:
00401017 e80c000000      call    sinsi_gdip+0x1028 (00401028)
0:000> p
ModLoad: 75530000 75648000   C:\WINDOWS\SysWOW64\MSCTF.dll
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
Unable to get program counter
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
Unable to get current machine context, Win32 error 0n5
GetContextState failed, 0x80070005
GetContextState failed, 0x80070005
Unable to get current machine context, Win32 error 0n5
GetContextState failed, 0x80070005

In the last call sinsi_gdip+0x1028 is a pointer to GdiplusShutdown
and as you can see it doesn't return, just leaves windbg in an unusual state.

BTW, it happend in every program I've downloaded, including all of yours, zedd.
No errors thrown, event viewer has no crashes.
Must be windbg.

zedd151 · April 12, 2025, 07:30:53 PM

Quote from: sinsi on April 12, 2025, 07:26:18 PMBTW, it happend in ... yours, zedd.
...
Must be windbg.

Must be, I don't write bugs. My programs just have 'features' that some folks may fail to appreciate.

But seriously, I have never used windbg. Maybe it is somehow misconfigured?

I assume there are user settings somewhere.

Have you tried it (windbg) with the default settings?

sinsi · April 12, 2025, 08:00:39 PM

Well, the debugger in VS seems to be OK with it, so it must be windbg.
Case closed.

Biterider · April 12, 2025, 08:12:45 PM

Hi Sinsi
I have compiled and debugged the "short code" from the first post using the VS debugger.
On my current system (Win10 Home) GdiPlusShutdown returns 0 without crashing.

Regards, Biterider

zedd151 · April 12, 2025, 08:14:50 PM

Quote from: sinsi on April 12, 2025, 08:00:39 PMWell, the debugger in VS seems to be OK with it, so it must be windbg.
Case closed.

Well at least you got that sorted out.
Is this the only time that you have had issues with windbg? Or just the first time that you noticed it?

sinsi · April 12, 2025, 08:30:55 PM

Quote from: zedd151 on April 12, 2025, 08:14:50 PMIs this the only time that you have had issues with windbg? Or just the first time that you noticed it?

Had a problem with viewing the Registers window but reinstalling it fixed that problem, but not the gdi+ one

zedd151 · April 12, 2025, 08:36:23 PM

Quote from: sinsi on April 12, 2025, 08:30:55 PMHad a problem with viewing the Registers window but reinstalling it fixed that problem, but not the gdi+ one

Just be careful if you are still going to use it. Any results there may have to be verified through another debugger.

sinsi · April 12, 2025, 08:49:42 PM

Quote from: zedd151 on April 12, 2025, 08:36:23 PM
Quote from: sinsi on April 12, 2025, 08:30:55 PMHad a problem with viewing the Registers window but reinstalling it fixed that problem, but not the gdi+ one
Just be careful if you are still going to use it. Any results there may have to be verified through another debugger.

I generally use the VS one, especially now

greenozon · April 13, 2025, 05:44:37 PM

Win7
got stuck forever inside
invoke GdiplusShutdown,GDItoken

The MASM Forum

News:

Problem - GDI+ or WinDbg?

sinsi

zedd151

zedd151

six_L

zedd151

zedd151

sinsi

zedd151

sinsi

Biterider

zedd151

sinsi

zedd151

sinsi

greenozon