Below is the OD trace. The CALL that fails is a call to the GetDlgItem function.
5003F422 . 83EC 5C SUB ESP,5C
5003F425 . 56 PUSH ESI
5003F426 . 57 PUSH EDI
5003F427 . 8BF9 MOV EDI,ECX
5003F429 . 33F6 XOR ESI,ESI
5003F42B . 39B7 AC000000 CMP DWORD PTR DS:[EDI+AC],ESI
5003F431 . 0F84 20E40400 JE devshl.5008D857
5003F437 . 53 PUSH EBX
5003F438 . 68 33500000 PUSH 5033
5003F43D . E8 2796FCFF CALL <JMP.&MFC42.#3092>
5003F442 . F687 96000000>TEST BYTE PTR DS:[EDI+96],8
5003F449 . 8BF0 MOV ESI,EAX
5003F44B . 8975 EC MOV DWORD PTR SS:[EBP-14],ESI
5003F44E . 0F84 ACE30400 JE devshl.5008D800
5003F454 . 8D45 B8 LEA EAX,DWORD PTR SS:[EBP-48]
5003F457 . 50 PUSH EAX ; /pRect
5003F458 . FF76 20 PUSH DWORD PTR DS:[ESI+20] ; |hWnd
5003F45B . 8B35 50240050 MOV ESI,DWORD PTR DS:[<&USER32.GetWindow>; |USER32.GetWindowRect
5003F461 . FFD6 CALL ESI ; \GetWindowRect
5003F463 . FF77 20 PUSH DWORD PTR DS:[EDI+20] ; /hWnd
5003F466 . 8B1D 88240050 MOV EBX,DWORD PTR DS:[<&USER32.GetParent>; |USER32.GetParent
5003F46C . FFD3 CALL EBX ; \GetParent
5003F46F . E8 8243FCFF CALL <JMP.&MFC42.#2864>
5003F474 . 68 80040000 PUSH 480
5003F479 . 8BC8 MOV ECX,EAX
5003F47B . E8 E995FCFF CALL <JMP.&MFC42.#3092>
5003F480 . 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-58]
5003F483 . 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
5003F486 . 51 PUSH ECX
5003F487 . FF70 20 PUSH DWORD PTR DS:[EAX+20]
5003F48A . FFD6 CALL ESI
5003F48C . 8B45 B0 MOV EAX,DWORD PTR SS:[EBP-50]
5003F48F . 8B4D B4 MOV ECX,DWORD PTR SS:[EBP-4C]
5003F492 . 2B4D AC SUB ECX,DWORD PTR SS:[EBP-54]
5003F495 . 83C0 05 ADD EAX,5
5003F498 . 8945 B0 MOV DWORD PTR SS:[EBP-50],EAX
5003F49B . 2B45 A8 SUB EAX,DWORD PTR SS:[EBP-58]
5003F49E . 68 46070000 PUSH 746
5003F4A3 . 51 PUSH ECX
5003F4A4 . 50 PUSH EAX
5003F4A5 . 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
5003F4A8 . FF75 AC PUSH DWORD PTR SS:[EBP-54]
5003F4AB . FF75 A8 PUSH DWORD PTR SS:[EBP-58]
5003F4AE . 6A 00 PUSH 0
5003F4B0 . E8 8D52FCFF CALL <JMP.&MFC42.#6197>
5003F4B5 . FF77 20 PUSH DWORD PTR DS:[EDI+20]
5003F4B8 . FFD3 CALL EBX
5003F4BA . 50 PUSH EAX
5003F4BB . E8 3643FCFF CALL <JMP.&MFC42.#2864>
5003F4C0 . 68 70040000 PUSH 470
5003F4C5 . 8BC8 MOV ECX,EAX
5003F4C7 . E8 9D95FCFF CALL <JMP.&MFC42.#3092>
5003F4CC . 8D4D C8 LEA ECX,DWORD PTR SS:[EBP-38]
5003F4CF . 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
5003F4D2 . 51 PUSH ECX
5003F4D3 . FF70 20 PUSH DWORD PTR DS:[EAX+20]
5003F4D6 . FFD6 CALL ESI
5003F4D8 . 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30]
5003F4DB . 8B4D D4 MOV ECX,DWORD PTR SS:[EBP-2C]
5003F4DE . 2B4D CC SUB ECX,DWORD PTR SS:[EBP-34]
5003F4E1 . 83C0 05 ADD EAX,5
5003F4E4 . 8945 D0 MOV DWORD PTR SS:[EBP-30],EAX
5003F4E7 . 2B45 C8 SUB EAX,DWORD PTR SS:[EBP-38]
5003F4EA . 68 46070000 PUSH 746
5003F4EF . 51 PUSH ECX
5003F4F0 . 50 PUSH EAX
5003F4F1 . 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-18]
5003F4F4 . FF75 CC PUSH DWORD PTR SS:[EBP-34]
5003F4F7 . FF75 C8 PUSH DWORD PTR SS:[EBP-38]
5003F4FA . 6A 00 PUSH 0
5003F4FC . E8 4152FCFF CALL <JMP.&MFC42.#6197>
5003F501 . FF77 20 PUSH DWORD PTR DS:[EDI+20]
5003F504 . FFD3 CALL EBX
5003F506 . 50 PUSH EAX
5003F507 . E8 EA42FCFF CALL <JMP.&MFC42.#2864>
5003F50C . 68 41040000 PUSH 441
5003F511 . 8BC8 MOV ECX,EAX
5003F513 . E8 5195FCFF CALL <JMP.&MFC42.#3092> ; after this CALL, EAX is 0
5003F518 . 8D4D 98 LEA ECX,DWORD PTR SS:[EBP-68]
5003F51B . 51 PUSH ECX
5003F51C . FF70 20 PUSH DWORD PTR DS:[EAX+20] ; DS:[00000020]=??? message=access violation: reading [00000020]
5003F51F . FFD6 CALL ESI
5003F521 . 68 34500000 PUSH 5034
5003F526 . 8BCF MOV ECX,EDI
5003F528 . E8 3C95FCFF CALL <JMP.&MFC42.#3092>
5003F52D . 8BD8 MOV EBX,EAX
5003F52F . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
5003F532 . 50 PUSH EAX
5003F533 . FF73 20 PUSH DWORD PTR DS:[EBX+20]
5003F536 . FFD6 CALL ESI
5003F538 . 8B45 98 MOV EAX,DWORD PTR SS:[EBP-68]
5003F53B . 8945 D8 MOV DWORD PTR SS:[EBP-28],EAX
5003F53E . 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-60]
5003F541 . 8945 E0 MOV DWORD PTR SS:[EBP-20],EAX
5003F544 . 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28]
http://support.microsoft.com/support/kb/articles/Q231/6/55.ASP
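The trace shows the usual shape of this crash: the GetDlgItem call (MFC42.#3092) at 5003F513 is asked for control ID 0x441, returns 0, and the very next instruction reads the window handle at [EAX+20] from that null pointer, which is why the fault address is exactly 00000020. The added C example below (written for this post; it is not code from devshl or from MFC) models that object layout and lookup so the failure can be reproduced and checked offline. Assumptions: the handle sits at offset 0x20 of the window object because the listing pushes [obj+20] as hWnd; the child-control table, handles and rectangles are constructed; the placement arithmetic (x = left, y = top, cx = right + 5 - left, cy = bottom - top) is read off the instructions at 5003F48C..5003F49B.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not the program's real class: the trace pushes
   DWORD PTR [obj+0x20] as hWnd, so the handle is modelled at offset 0x20. */
typedef uintptr_t HWND;
typedef struct { uint8_t header[0x20]; HWND m_hWnd; } CWnd;
typedef struct { int left, top, right, bottom; } RECT;

/* Constructed dialog: child controls keyed by the IDs seen in the trace.
   0x441, the ID of the crashing lookup, is deliberately absent. */
typedef struct { int id; CWnd wnd; RECT rc; } Child;
static Child g_children[] = {
    { 0x5033, { {0}, 0x10001 }, { 10,  10, 110,  40 } },
    { 0x480,  { {0}, 0x10002 }, { 20,  50, 220,  80 } },
    { 0x470,  { {0}, 0x10003 }, { 20,  90, 220, 120 } },
    { 0x5034, { {0}, 0x10004 }, { 10, 130, 300, 160 } },
};
#define NCHILDREN (sizeof g_children / sizeof g_children[0])

/* Stand-in for CWnd::GetDlgItem (the MFC42.#3092 call in the trace):
   returns NULL when no child carries the requested ID. */
CWnd *dlg_get_item(int id) {
    for (size_t i = 0; i < NCHILDREN; i++)
        if (g_children[i].id == id) return &g_children[i].wnd;
    return NULL;
}

/* Stand-in for USER32.GetWindowRect: looks the rectangle up by handle. */
int get_window_rect(HWND h, RECT *out) {
    for (size_t i = 0; i < NCHILDREN; i++)
        if (g_children[i].wnd.m_hWnd == h) { *out = g_children[i].rc; return 1; }
    return 0;
}

/* The values the trace computes from the rect before its positioning call. */
typedef struct { int x, y, cx, cy; } Placement;

/* What the trace does at 5003F51C: dereference the GetDlgItem result
   without checking it. With id 0x441 this reads [NULL+0x20] and faults. */
Placement layout_unchecked(int id) {
    RECT rc = {0};
    CWnd *w = dlg_get_item(id);
    get_window_rect(w->m_hWnd, &rc);      /* NULL dereference when id is missing */
    Placement p = { rc.left, rc.top, rc.right + 5 - rc.left, rc.bottom - rc.top };
    return p;
}

/* Checked form: report a missing control instead of dereferencing NULL. */
int layout_checked(int id, Placement *out) {
    RECT rc;
    CWnd *w = dlg_get_item(id);
    if (w == NULL || w->m_hWnd == 0) return 0;   /* no such control in the dialog */
    if (!get_window_rect(w->m_hWnd, &rc)) return 0;
    out->x = rc.left;
    out->y = rc.top;
    out->cx = rc.right + 5 - rc.left;
    out->cy = rc.bottom - rc.top;
    return 1;
}

int main(void) {
    /* Same three lookups the trace performs, in order; only the last fails. */
    int ids[] = { 0x480, 0x470, 0x441 };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        Placement p;
        if (layout_checked(ids[i], &p))
            printf("id %#x: x=%d y=%d cx=%d cy=%d\n", ids[i], p.x, p.y, p.cx, p.cy);
        else
            printf("id %#x: control not found, skipped (trace faulted here)\n", ids[i]);
    }
    return 0;
}
```

layout_unchecked is kept only to show the pattern in the listing; calling it with 0x441 reproduces the read at offset 0x20 of a null pointer. In the real dialog the check belongs right after each GetDlgItem, and a control ID that is absent from the dialog template (or whose control was destroyed earlier) must be treated as a normal outcome, not assumed away.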