版本: win 3.9.12.17
着手点:
基础日志
ws2_32.dll 模块, 断点 send 函数, stack 中找调试字符串, 找到以后, 单步看有无全面的字符串. 记录地址和寄存器即可.
- .$261BBB0 在这断 读RVA 不全面, 编码读时有问题
- .$4374FBA 这里也可以 RBX RCX
- .$3D0BEB6 读RBX 涉及到了多线程同步(通过互斥锁)、异常处理(通过获取和设置异常处理的上下文)和本地化(通过 _LocaleUpdate 结构) 分配内存以及日志填充 funcname:sub_183E13C40
调试信息
代入一个文件地址,如 *.cpp, 查找字符串, 定位到对应位置, 直接进入函数, 在函数尾部断点即可, 应有 文件地址, 调用时间, 调试信息, sql语句.
log message:
- .$2507816 sql执行语句
- .$261BBC6 RAX 调试信息 r12 文件地址 r15 模块名 funcname:sub_18261B890
基础日志输出:
NetSceneSync id:1485 New start
sync with MM_NEWSYNC_MSGDIGEST flag
in send NetSceneSync(id:1485)
current sync count: 1
full match, cgi:/cgi-bin/micromsg-bin/newsync, networkType:3, md5:903b6bfda5e06581502f16702635e66e, protocol:2, quic.cnt:6, function:basic
task start long short taskid:1485, cmdid:26, need_authed:true, cgi:/cgi-bin/micromsg-bin/newsync, channel_select:3, limit_flow:true, channel_name:default-longlinkhost:, send_only:false, cmdid:26, server_process_cost:-1, retrycount:3, channel_strategy:0, channel_name:default-longlink total_timeout:-1, network_status_sensitive:false, priority:3, report_arg:138
-> mars::stn::LongLinkTaskManager::__RunLoop
host ip to callback is szlong.weixin.qq.com, task's channel name:default-longlink
makesureauth host:szlong.weixin.qq.com, auth result:true, cgi:/cgi-bin/micromsg-bin/newsync, channal name:default-longlink
client_sequence_id:26957
encode
EnsureExpandSize 51 to 355 increase 304
out NetSceneSync::req2Buf size:355, id:1485
task add into longlink readwrite suc cgi:/cgi-bin/micromsg-bin/newsync, cmdid:121, taskid:1485, size:355, channel name:default-longlink, timeout(firstpkg:12, rw:17, task:80), retry:3, curtime:1248301765, start_send_time:1248301765, sendonly:false
return WSAWaitForMultipleEvents, ret=0
<- mars::stn::LongLinkTaskManager::__RunLoop +1,
alarm cancel id:555776725680, seq:838, after:210000
alarm start noop alarm
alarm id:555776725680, after:210000, seq:839, po.reg.q:40172,po.reg.s:0,po.s:25133, MQ:40172
task socket send sock:7384, all send:392, count:1, sub send taskid:1485, cmdid:121, /cgi-bin/micromsg-bin/newsync, len(S:392, 392/392),
task socket recv sock:7384, recv len:399, buff len:399
task socket recv sock:7384, pack recv finish taskid:1485, cmdid:1000000121, /cgi-bin/micromsg-bin/newsync, packlen:(378/378)
out NetSceneSync::buf2Resp id:1485
AppConfig GetConfig key:NoRetryPkgFail, default value:false
AppConfig GetConfig return default value.
AppConfig GetConfig key:NoRetryServerFail, default value:false
AppConfig GetConfig return default value.
server_sequence_id:0
-> mars::stn::LongLinkTaskManager::__SingleRespHandle
task end callback long cmdid:121, err(0, 0, 0), svr(240e:ff:f100:42::34:80, NewDNSIP, szlong.weixin.qq.com), cli(, 240e:3b1:349e:7e01:e51e:d417:3bcd:5fc3, n:wifi_, sig:0, link:Long), cost(s:355, r:362, c:15, rw:47), all:47, retry:3, cgi:/cgi-bin/micromsg-bin/newsync, taskid:1485, tid:109560, context id:
onGYNetEnd sceneID:1485 errType:0 errCode:0
onGYNetEnd(NetSceneSync id:1485 timecost: 47,errType:0, errCode:0)
调试信息日志输出
WindowSizeReportMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\WindowSizeReportMgr.cpp
(2024-9-28:10:54:34:500 100204)-i/WindowSizeReportMgr:windows report is show 1 window client 799 290 908 574
WindowSizeReportMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\WindowSizeReportMgr.cpp
(2024-9-28:10:54:34:927 100204)-i/WindowSizeReportMgr:windows report screen dpi 96 1920 1080
WindowSizeReportMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\WindowSizeReportMgr.cpp
(2024-9-28:10:54:35:302 100204)-i/BusinessStatusMgr:Start Init
BusinessStatusMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\BusinessStatusMgr.cpp
(2024-9-28:10:54:43:109 100204)-i/StateMgr:onChatWinForeground, pendding change state isForground=true
StateMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\StateMgr.cpp
(2024-9-28:10:54:44:628 100204)-i/VoiceAutoTransMgr:changeUserPrioty 1
VoiceAutoTransMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\VoiceAutoTranMgr.cpp
(2024-9-28:10:54:45:404 100204)-i/ExtendChatView:set focus to inputedit
ExtendChatView D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\chat\ExtendChatView.cpp
(2024-9-28:10:54:46:021 108912)-i/PerformanceDetect:block interval = 8607ms, accumulated block time = 405282ms, block count = 26, readIOCount = 0/s, writeIOCount = 1/s, otherOPCount = 13/s, readSpeed = 0KB/s, writeSpeed = 1KB/s, otherSpeed = 0KB/s
PerformanceDetect D:\Tools\agent\workspace\MicroMsgWindowsV3912\third_party\PerformanceTools\src\PerformanceDetect.cpp
(2024-9-28:10:54:47:435 100204)-i/SessionMgr:chatwnd is at background, shouldn't set readed
SessionMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\SessionMgr.cpp
(2024-9-28:10:54:48:063 100204)-i/TrayNotifyWnd:showTrayNotify sessionCount:0
TrayNotifyWnd D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\trayNotify\TrayNotifyWnd.cpp
(2024-9-28:10:54:48:717 100204)-i/MainWnd:WM_LBUTTONDOWN m_isTrayTipsDisplay=false
MainWnd D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\MainWnd.cpp
(2024-9-28:10:54:50:021 108912)-i/PerformanceDetect:block interval = 2594ms, accumulated block time = 412195ms, block count = 26, readIOCount = 1/s, writeIOCount = 2/s, otherOPCount = 39/s, readSpeed = 1KB/s, writeSpeed = 1KB/s, otherSpeed = 0KB/s
PerformanceDetect D:\Tools\agent\workspace\MicroMsgWindowsV3912\third_party\PerformanceTools\src\PerformanceDetect.cpp
(2024-9-28:10:54:50:786 100204)-i/FTSThreadHelper:RangeInfo MultiMsgSearchMgr Range : Start Index : 5, Start Id : 1 endId 112128, End Index : 0, StartId : 0 EndId 75329
FTSThreadHelper D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\FTS\Logic\FTSThreadHelper.cpp
(2024-9-28:10:54:51:845 100204)-i/FTSThreadHelper:RangeInfo FTSMultiDBMsgMgr Range : Start Index : 5, Start Id : 1 endId 112128, End Index : 0, StartId : 0 EndId 75329
FTSThreadHelper D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\FTS\Logic\FTSThreadHelper.cpp
MSG0.db MultiDBMsgStorage D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\storage\ChatMsgStorageBase.cpp
(2024-9-28:10:54:57:931 100204)-i/StorageBase:Storage Performance Read : cost 5415 sql SELECT * FROM MSG WHERE type > 1 AND type < 10000 AND rowid < ?1 ORDER BY localId DESC LIMIT 100
StorageBase D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\storage\StorageBase.cpp
(2024-9-28:10:55:10:173 77416)-i/WinMarsMgr:onNotify seq:default-longlink cmd:24
WinMarsMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\Win_Mars.cpp
(2024-9-28:10:55:15:095 77416)-i/WinMarsMgr:onNotify seq:default-longlink cmd:24
WinMarsMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\Win_Mars.cpp
(2024-9-28:10:55:15:095 77416)-i/WinMarsMgr:onNotify seq:default-longlink cmd:24
WinMarsMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\Win_Mars.cpp
(2024-9-28:10:55:15:107 108912)-i/PerformanceDetect:block interval = 7143ms, accumulated block time = 420104ms, block count = 26, readIOCount = 0/s, writeIOCount = 0/s, otherOPCount = 0/s, readSpeed = 0KB/s, writeSpeed = 0KB/s, otherSpeed = 0KB/s
PerformanceDetect D:\Tools\agent\workspace\MicroMsgWindowsV3912\third_party\PerformanceTools\src\PerformanceDetect.cpp
(2024-9-28:10:55:15:133 100204)-i/FTSThreadHelper:RangeInfo MultiMsgSearchMgr Range : Start Index : 5, Start Id : 1 endId 112128, End Index : 0, StartId : 0 EndId 75329
FTSThreadHelper D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\FTS\Logic\FTSThreadHelper.cpp
(2024-9-28:10:55:15:133 100204)-i/FTSThreadHelper:RangeInfo FTSMultiDBMsgMgr Range : Start Index : 5, Start Id : 1 endId 112128, End Index : 0, StartId : 0 EndId 75329
FTSThreadHelper D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\01_ui\FTS\Logic\FTSThreadHelper.cpp
MSG0.db MultiDBMsgStorage D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\storage\ChatMsgStorageBase.cpp
MSG0.db MultiDBMsgStorage D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\storage\ChatMsgStorageBase.cpp
(2024-9-28:10:55:15:137 95756)-i/SyncMgr:last time: 1727491949, now time: 1727492115, diff: 166, switch: 1
SyncMgr D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\02_manager\SyncMgr.cpp
(2024-9-28:10:55:15:137 95756)-i/NetSceneSync:new NetSceneSync (id:523)
NetSceneSync D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\net\scene\NetSceneSync.cpp
(2024-9-28:10:55:15:137 95756)-i/NetSceneSync:goDoScene(id:523) is_accumlated: 0
NetSceneSync D:\Tools\agent\workspace\MicroMsgWindowsV3912\MicroMsgWin\03_service\net\scene\NetSceneSync.cpp
(2024-9-28:10:55:15:137 95756)-i/SyncMgr:Sync key hash : 5848942007142591110
特征点:
基础日志
48 89 45 C0 48 8B D6 48 8D 4D 80 E8 ?? ?? ?? ?? 90 48 8D 45 F0 48 8B 4D E0 48 3B C8 74 05 E8 ?? ?? ?? ?? 48 8B 8D 00 12 00 00 48 33 CC E8 ?? ?? ?? ?? 48 81 C4 18 13 00 00 41 5F
调试信息
48 89 45 C0 48 8B D6 48 8D 4D 80 E8 ?? ?? ?? ?? 90 48 8D 45 F0 48 8B 4D E0 48 3B C8 74 05 E8 ?? ?? ?? ?? 48 8B 8D 00 12 00 00 48 33 CC E8 ?? ?? ?? ?? 48 81 C4 18 13 00 00 41 5F