stackoom
  简体   繁体   中英

How to Find Crash in Windbg Log?

 原文  2015-11-25 17:01:04       windows/ windbg

Question

Here is the crash i found in the log shown by Windbg. but not able to get anything out of it. please help. 

00000000`0008ae08 00000000`76eb219e wow64cpu!CpupSyscallStub+0x2
00000000`0008ae10 00000000`76e7219a wow64cpu!Thunk0ArgReloadState+0x5
00000000`0008aec0 00000000`76e79b14 wow64!RunCpuSimulation+0xa
00000000`0008af10 00000000`76ed840f wow64!Wow64KiUserCallbackDispatcher+0x244
00000000`0008b270 00007ff9`ac2c3044 wow64win!whcbfnINOUTSTYLECHANGE+0xbf
00000000`0008bc50 00000000`76ee9a7a ntdll!KiUserCallbackDispatcherContinue
00000000`0008bcd8 00000000`76ed7a74 wow64win!NtUserSetWindowLongPtr+0xa
00000000`0008bce0 00000000`76e6a44b wow64win!whNtUserSetWindowLong+0x44
00000000`0008bd10 00000000`76eb1dc5 wow64!Wow64SystemServiceEx+0xfb
00000000`0008c5c0 00000000`76e7219a wow64cpu!ServiceNoTurbo+0xb
00000000`0008c670 00000000`76e79b14 wow64!RunCpuSimulation+0xa
00000000`0008c6c0 00000000`76ed880e wow64!Wow64KiUserCallbackDispatcher+0x244
00000000`0008ca20 00007ff9`ac2c3044 wow64win!whcbfnINOUTNCCALCSIZE+0x14e
00000000`0008d470 00000000`76eb2352 ntdll!KiUserCallbackDispatcherContinue
00000000`0008d558 00000000`76eb2318 wow64cpu!CpupSyscallStub+0x2
00000000`0008d560 00000000`76e7219a wow64cpu!Thunk0Arg+0x5
00000000`0008d610 00000000`76e79b14 wow64!RunCpuSimulation+0xa
00000000`0008d660 00000000`76ed5c0a wow64!Wow64KiUserCallbackDispatcher+0x244
00000000`0008d9c0 00007ff9`ac2c3044 wow64win!whcbfnDWORD+0x21a
00000000`0008e3c0 00000000`76ee5a3a ntdll!KiUserCallbackDispatcherContinue
00000000`0008e448 00000000`76ed6df2 wow64win!NtUserMessageCall+0xa
00000000`0008e450 00000000`76ed6b64 wow64win!whNT32NtUserMessageCallCB+0x32
00000000`0008e4a0 00000000`76e6a44b wow64win!whNtUserMessageCall+0xc4
00000000`0008e560 00000000`76eb1dc5 wow64!Wow64SystemServiceEx+0xfb
00000000`0008ee10 00000000`76e7219a wow64cpu!ServiceNoTurbo+0xb
00000000`0008eec0 00000000`76e720d2 wow64!RunCpuSimulation+0xa
00000000`0008ef10 00007ff9`ac2f3a15 wow64!Wow64LdrpInitialize+0x172
00000000`0008f450 00007ff9`ac2d2f1e ntdll!LdrpInitializeProcess+0x1591
00000000`0008f770 00007ff9`ac248ece ntdll!_LdrpInitialize+0x89ffe
00000000`0008f7e0 00000000`00000000 ntdll!LdrInitializeThunk+0xe

1 answers

solution1
 0 ACCPTED  2015-11-25 21:46:14

As others have mentioned, you have a 64 bit dump of a 32 bit process. We can see this because your excerpt shows 64 bit addresses and it has the wow64 module in the stack.

Typically you should try to get a dump of the correct bitness . The linked SO answer lists several options to get one.

Opening the dump file in the x86 version of WinDbg does not help. Even the x86 version can analyze 64 bit dumps:

WinDbg x86打开x64转储

The !sw command (load it with .load wow64exts ) or the .effmach x86 command can switch the debugger to x86 mode. Note how the command prompt changes:

WinDbg切换到x86模式

To show the call stack, you'll now need the wow64exts extension. Also be sure to have set the symbols: 

.load wow64exts
.symfix
.reload

Note that there is one call stack per thread, so make sure you get the right one: 

~#s
k

In case of a crash, look at the exception: 

.exr -1

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to find a function in windbg How do I find image base address of a process from a crash dump in Windbg WinDbg Unresponsive After Crash windbg log system calls Performance Counters in Windbg Crash Dump Windbg find missing dlls How do I find a memory mapped file's name in WinDbg? How to make QT Application write a crash log VC++ 6.0 - WinDbg stack trace shows a crash point at malloc WinDBG can't find python interpreter for PyKd
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM