Search code examples
c++visual-studiodebuggingvisual-studio-2017dump

How can debugged variables be NULL when source code proves otherwise?

I'm debugging a full memory dump (procdump -ma ...), and I'm investigating the call stack, corresponding with following piece of source code:

unsigned int __stdcall ExecutionThread(void* pArg)
{
    __try
    {
        BOOL bRunning = TRUE;
        CInternalManagerObject* pInternalManagerObject = (CInternalManagerObject*) pArg;

        pInternalManagerObject->Init();
        
        CInternaStartlManagerObject* pInternaStartlManagerObject = pInternalManagerObject->GetInternaStartlManagerObject();

        while(bRunning)
        {
            bRunning = pInternalManagerObject->Poll(pInternaStartlManagerObject);

            if (CSLGlobal::IsValidHandle(_Module.m_hNeverEvent))
                WaitForSingleObject(_Module.m_hNeverEvent, 15);
        } <<<<<<<<<<<<<<<<============== here is the call stack pointer
                
        pInternalManagerObject->DeInit();

As you can see, pArg is being typecasted and then being used, so it's impossible for pArg to be NULL, but yet this is exactly what the watch-window is telling me. In top of this, the internal variables seem not to be known (also as mentioned in the watch-window).

Watch-window content :

pArg                    0x0000000000000000  void *
bRunning                identifier "bRunning" is undefined  
pInternalManagerObject  identifier "pInternalManagerObject" is undefined

I can understand bRunning being optimised away, as this variable is not used anymore, but this is not correct for pInternalManagerObject, which is still used in the following line.

The symbols seem to be loaded fine.

I'm viewing this using Visual Studio Professional 2017, version 15.8.8.

Does anybody have a clue what might be causing this weird behaviour and what I can do in order to get a dump with correct values for the internal variables?

Edit after question for generated assembly code

The generated assembly is:

    27: 
    28: unsigned int __stdcall ExecutionThread(void* pArg)
    29: {
00007FF69C7A1690 48 89 5C 24 08       mov         qword ptr [rsp+8],rbx  
00007FF69C7A1695 48 89 74 24 10       mov         qword ptr [rsp+10h],rsi  
00007FF69C7A169A 57                   push        rdi  
00007FF69C7A169B 48 83 EC 20          sub         rsp,20h  
00007FF69C7A169F 48 8B F9             mov         rdi,rcx  
    30:     __try
    31:     {
    32:         BOOL bRunning = TRUE;
00007FF69C7A16A2 BB 01 00 00 00       mov         ebx,1  
    33:         CInternalManagerObject* pInternalManagerObject = (CInternalManagerObject*) pArg;
    34: 
    35:         pInternalManagerObject->Init();
00007FF69C7A16A7 E8 64 EA FD FF       call        CInternalManagerObject::Init (07FF69C780110h)  
    36:         
    37:         CBaseManager* pBaseManager = pInternalManagerObject->GetBaseManager();
00007FF69C7A16AC 48 8B CF             mov         rcx,rdi  
00007FF69C7A16AF E8 0C E9 FD FF       call        CInternalManagerObject::GetBaseManager (07FF69C77FFC0h)  
00007FF69C7A16B4 48 8B F0             mov         rsi,rax  
    40:         {
    41:             bRunning = pInternalManagerObject->Poll(pBaseManager);
00007FF69C7A16B7 48 8B CF             mov         rcx,rdi  
    38: 
    39:         while(bRunning)
00007FF69C7A16BA 85 DB                test        ebx,ebx  
00007FF69C7A16BC 74 2E                je          ExecutionThread+5Ch (07FF69C7A16ECh)  
    40:         {
    41:             bRunning = pInternalManagerObject->Poll(pBaseManager);
00007FF69C7A16BE 48 8B D6             mov         rdx,rsi  
    40:         {
    41:             bRunning = pInternalManagerObject->Poll(pBaseManager);
00007FF69C7A16C1 E8 7A ED FD FF       call        CInternalManagerObject::Poll (07FF69C780440h)  
00007FF69C7A16C6 8B D8                mov         ebx,eax  
    42: 
    43:             if (CSLGlobal::IsValidHandle(_Module.m_hNeverEvent))
00007FF69C7A16C8 48 8D 0D C1 13 0E 00 lea         rcx,[_Module+550h (07FF69C882A90h)]  
00007FF69C7A16CF E8 3C F2 FB FF       call        __Skyline_Global::CSLGlobal::IsValidHandle (07FF69C760910h)  
00007FF69C7A16D4 85 C0                test        eax,eax  
00007FF69C7A16D6 74 12                je          ExecutionThread+5Ah (07FF69C7A16EAh)  
    44:                 WaitForSingleObject(_Module.m_hNeverEvent, 15);
00007FF69C7A16D8 BA 0F 00 00 00       mov         edx,0Fh  
00007FF69C7A16DD 48 8B 0D AC 13 0E 00 mov         rcx,qword ptr [_Module+550h (07FF69C882A90h)]  
00007FF69C7A16E4 FF 15 16 0B 08 00    call        qword ptr [__imp_WaitForSingleObject (07FF69C822200h)]  
    45:         }
00007FF69C7A16EA EB CB                jmp         ExecutionThread+27h (07FF69C7A16B7h)  
    46: 
    47:         pInternalManagerObject->DeInit();
00007FF69C7A16EC E8 FF E7 FD FF       call        CInternalManagerObject::DeInit (07FF69C77FEF0h)  
    48:     }

I suppose this means that the correct value of pArg can be found in register RDI.

The Register window gives me following information:

RAX = 0000000000000000
RBX = 0000000000000001
RCX = 0000000000000000
RDX = 0000000000000000
RSI = 00000072A1E83220
RDI = 00000072A14A9990
...

Having a look into the memory at the mentioned place, I see hexadecimal values like:

0x00000072A14A9990  98 59 82 9c f6 7f 00 00 01 00 00 00 00 00 08 00 28 d2 28 62 f9 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 0e 78 a2 72 00  ˜Y.œö...........(Ò(bù...................................P.x¢r.
0x00000072A14A99CE  00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 5c 07 00 00 00 00 00 00 d0 07 00 02 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ..ÿÿÿÿ............\.......Ð.......ÿÿÿÿÿÿÿÿÿÿÿÿ................
0x00000072A14A9A0C  00 00 00 00 d0 07 00 02 00 00 00 00 38 59 82 9c f6 7f 00 00 f0 90 60 a2 72 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 59 82 9c f6 7f 00 00 00 00

Does this mean that pArg is not NULL indeed?

Solution

  • Does this mean that pArg is not NULL indeed?

    No it does not mean that; pArg is null. The watch window tells you, the registers tell you.

    As you can see, pArg is being typecasted and then being used, so it's impossible for pArg to be NULL.

    That's not correct; that's not what the cast does. If the variable is null then the result of the cast will be null.

    https://en.cppreference.com/w/c/language/cast

    I suppose this means that the correct value of pArg can be found in register RDI.

    No; pArg is mounted onto rcx; mov works right-to-left.

    mov         rcx,rdi
RCX = 0000000000000000

    https://c9x.me/x86/html/file_module_x86_id_176.html

    I can understand bRunning being optimised away, as this variable is not used anymore, but this is not correct for pInternalManagerObject, which is still used in the following line.

    My guess is that you've observed the watch window when the program counter is on the first line of your function. bRunning and pInternalManagerObject are out of scope. (Although they could potentially be stripped due to optimisation). Note that if a variable is stripped you won't be able to see it even if it is used.

    Thoughts

    • Program defensively. make a call to assert (or whatever assertion macro the codebase uses) in order to check the value of pArg (or any other pointer) before dereferencing. If it's an error you could reasonably see in production, go one step further: log the unexpected behaviour and early-out the function. http://www.cplusplus.com/reference/cassert/assert/
    • KISS: Whilst I'd commend anyone who's willing to get their "hands dirty" in this case it's just not necessary to start cracking open the disassembly. In this case the answer's right there. https://en.wikipedia.org/wiki/KISS_principle