OS/2 Shareware BBS: 11 Util

home *** CD-ROM | disk | FTP | other *** search

/ OS/2 Shareware BBS: 11 Util / 11-Util.zip / FINDSEG.ZIP / TRAPD.DOC < prev

Wrap

Text File | 1992-06-03 | 11KB | 263 lines

1. About TRAP-D TRAP-D is caused by invalid memory access operations. The following operations cause TRAP-D. (1) The segment register points to an invalid segment descriptor. (2) The offset of the address goes beyond the size of the segment descriptor. (When the stack pointer goes beyond the size of the stack segment, TRAP-C(stack overflow) occurs.) (3) The privilege rules have been violated. (A program accesses the data which belongs to the different privilege level.) (4) Code segment is loaded with a value of the data segment descriptor. (except alias segment) (5) A program tries to read from an execute only code segment or to write into a read only data segment. Generally, most of TRAP-Ds are caused by case (1) or (2). The following C sample programs illustrate case (1) and (2). Case (1). void main(int argc, char **argv, char **envp) { /* p has an invalid selector value 0x1234 */ int far *p = (int far *)0x12345678L; /* TRAP-D will occur on the following code because it tries */ /* to access an invalid address. */ *p = 1; : : } Case (2). void main(int argc, char **argv, char **envp) { char far *p; unsigned selector; /* Allocate a memory whose size is 10 bytes */ DosAllocSeg(10, &selector, 0); /* Make p point to the top of the memory area allocated by the */ /* above DosAllocSeg */ FP_SEG(p) = selector; FP_OFF(p) = 0; p += 100; /* TRAP-D will occur on the following code because the offset */ /* of p goes beyond the size of the memory area (i.e. 10). */ *p = 1; : : } 2. About TRAP-D popup panel When a program causes a protection violation (TRAP-D), you will see the following popup panel. +-----------------------------------------------------------------+ | | 1 | Session Title: | 2 | XXXXXXXX | 3 | | 4 | SYS1943: A program caused a protection violation. | 5 | | 6 | TRAP 000D | 7 | AX=0000 BX=0000 CX=000B DX=0047 BP=0FF0 | 8 | SI=02FF DI=1349 DS=0067 ES=0000 FLG=2246 | 9 | CS=0047 IP=0017 SS=0067 SP=0FEC MSW=FFFB | 10 | CSLIM=0624 SSLIM=134F DSLIM=134F ESLIM=**** | 11 | CSACC=FB SSACC=F3 DSACC=F3 ESACC=** | 12 | ERRCD=1234 ERLIM=**** ERACC=** | | | +-----------------------------------------------------------------+ | End the program | | | | | +-----------------------------------------------------------------+ Line 2 : Session name to which the TRAP-D program belongs. Line 4 : Cause of the error. When a program causes a TRAP-C, this line will be SYS1942: A program attempted to reference storage outside the limits of a stack segment. Line 6 : Kind of traps Line 7-9: Dump of registers. Line 10 : Size of the segment that segment register points to. When a value of the segment register is invalid, this field is filled with ****. Line 11 : (80286 architecture) Access rights byte of the segment descriptor. This access rights byte of the general segment descriptor is as follows. bit 0: Access bit (used by OS for memory management) bit 1: Access type Code segment Data segment 0 Execute only Read only 1 Execute/Read Read/Write bit 2: Expansion direction (DATA segment) 0 Downward 1 Upward Conforming type 0 Non-conforming segment 1 Conforming segment bit 3: Segment type 0 Non-executable segment (DATA segment) 1 Executable segment (CODE segment) bit 4: Always 1. bit 5-6: Descriptor privilege level (from 0 to 3) bit 7: Present bit (used by OS for memory management) If A program runs in the descriptor privilege level 3, Access rights byte of a CODE segment is 0xFB and DATA segment is 0xF3. When a value of the segment register is invalid, this field is filled with **. Line 12 : Value of the segment descriptor which is the cause of the TRAP-D, its size, and its access rights byte. In the above sample code of the case (1), ERRCD=1234, ERLIM=****, and ERACC=** because 0x1234 is an invalid segment descriptor value. 3. How to use FINDSEG to find out TRAP-D module. To search TRAP-D module, you had better set CSLIM value in TRAP-D panel as segment length(-l switch) rather than DSLIM, ESLIM or SSLIM because data segments(DS, ES, SS) might be allocated or reallocated after the process started. You had better set IP value(by -I switch). When two or more modules are found, you can determine TRAP-D module from disassembled code. For example, TRAP-D may not occur on the following instructions mov ax, 0 inc cx : etc. and the following instructions have potential of TRAP-D (or TRAP-C). TRAP-D occurs on the following condition. pop ax <--- sp exceeds SSLIM (In this case TRAP-C will occur). les bx, es:╒bx+si■ <--- bx+si exceeds ESLIM or ES is invalid rep movs <--- si exceeds DSLIM or di exceeds ESLIM : etc. So I recommend you the following command to find out TRAP-D module from the TRAP-D popup panel mentioned in section 3. findseg -c -lx624 -Ix17 -s C:\ (CODE segment only, CSLIM=0624, IP=0017) If doubtful EXEs and DLLs are in other drives too (i.e. LIBPATH and PATH environment includes other drives), you have to check out each drives. 4. How to interpret outputs of FINDSEG The following depicts outputs of findseg. C:\OS2\DLL\PMGPI.DLL <--- File name 265110bytes 90-03-30 01:20:00 <--- File size and update time 001 05FCC CODE MOVABLE NONSHARED LOADONCALL E/R RELOC PL2 NONDISCARDABLE (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Instruction: push es:╒bx+si■ <-- Disassembled code (1) : Entry id in segment table (2) : Minimum allocation size for the segment (3) : Segment type (CODE/DATA) (4) : Fixed or Movable segment (5) : Shared or Nonshared segment (6) : Preload or Load on call segment (7) : Execute/read or Execute-only if code, Read/Write or Read-only if data (8) : Relocation table present or not (9) : Privilege level (10): Discardable or Nondiscardable segment File name, Minimum allocation size, segment type and disassembled code are important in above information. Other information is not used usually. If two or more segments are reported, you have to check disassembled code. If "IP is invalid value" is printed, the code segment is not what you want. If a disassembled code is printed, you have to check whether the instruction caused a TRAP-D(or TRAP-C) or not from segment register values in a popup panel. Example 1. Instruction: mov ax, es:╒bx+si■ ESLIM=0020, BX=0010, SI=0016 | | V Because offset(bx+si=0026) exceeds ESLIM, this instruction will cause a TRAP-D. Example 2. Instruction: mov ax, es:╒bx+si■ ESLIM=0020, BX=0010, SI=0006 | | V Because offset(bx+si=0016) is within ESLIM, this instruction will not cause a TRAP-D. Example 3. Instruction: mov es, bx ERRCD=1234, ERLIM=****, BX=1234 | | V Because this instruction tries to load an invalid segment descriptor value (BX=1234) into ES, it will cause a TRAP-D. Example 4. Instruction: rep movs DSLIM=1000, ESLIM=8000, SI=1002, DI=2002 | | V Because SI(=1002) exceeds DSLIM, this instruction will cause a TRAP-D. Example 5. Instruction: pop ax SSLIM=0BFF, SP=0C00 | | V Because SP(=0C00) exceeds SSLIM, this instruction will cause a TRAP-C. In case that two or more segments are left after the above considerations, it might help you that search DSLIM, ESLIM or SSLIM from DATA segments unless DS, ES and SS were allocated or reallocated after a process started. 5. Other Information (1) Sometimes CSLIM is one byte different from the segment size written in an executable file. So the default search range is form CSLIM-1 to CSLIM+1. (2) The module reported by FINDSEG is not always a perpetrator of TRAP-D. There is a case that the callee of the module passes an invalid parameter to the module. (3) In case that the TRAP-D is reproducible, Code view(a debugger) will help you. For example, If TRAP-D occurs while EXCEL.EXE is running, type CVP EXCEL.EXE from OS/2 command prompt. After code view starts, just type g and ENTER-KEY, and replay operations that cause TRAP-D. When TRAP-D occurs, the code view shows you instructions where TRAP-D occurs and more information.