32-bit Intel Architecture
Listing 8 shows the thread state for an Intel-based computer running 32-bit code.
Listing 8: 32-bit Intel thread state
Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000000 ebx: 0x942cea07 ecx: 0xbfffed1c edx: 0x94b3a8e6 edi: 0x00000000 esi: 0x00000000 ebp: 0xbfffed58 esp: 0xbfffed1c ss: 0x0000001f efl: 0x00010206 eip: 0x00000000 cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 cr2: 0x00000000
For Intel-based computers running 32-bit code, you should consider the following points:
-
Focus on two values:
eip
and the exception address (described earlier). -
eip
is the program counter at the time that the exception occurred. That is, it's the address of the instruction that caused the exception. For most non-memory access exceptions (for example,EXC_ARITHMETIC
/EXC_I386_DIV
caused by an integer division by zero), this is the key value. -
For memory access exceptions:
-
If
eip
is equal to the exception address, the exception was caused by fetching instructions. Typically this means:-
you've called a bogus function pointer (or, equivalently, called a method on a bogus object)
-
you've returned to a bad address which, in turn, means that you've corrupted the stack
-
-
If
eip
is not equal to the exception address, the exception was caused by a memory access instruction (in terms of C, this means that you're dereferencing an invalid pointer).
-
-
Finally, as with PowerPC, it can be helpful to look through the other registers for telltale signs.
https://developer.apple.com/library/content/technotes/tn2004/tn2123.html#SECNOSYMBOLS