Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Stack trace out of Minidump

164 views
Skip to first unread message

Pavel Lebedinsky [MSFT]

unread,
May 18, 2005, 4:47:50 PM5/18/05
to
You need to use .cxr to get the right stack trace:

http://blogs.msdn.com/jmstall/archive/2005/01/18/355697.aspx

I think that if you supply exception info to MiniDumpWriteDump,
you will be able to simplify the process somewhat by using .ecxr.

--
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Jay Venkat" wrote:

> Hi
> I am relatively new to Minidumps & WinDbg. I work on a GUI application
> developed on VS.Net 2003 (unmanaged code) where I have added a handler for
> Unhandled Exceptions using SetUnhandledExcpetionFilter. The handler
> function
> creates Minidumps. For testing purposes, I made the app crash due to Null
> ptr
> reference in one of the screens. The problem is that when I open the dump
> file in WinDbg, it does not show complete stack trace.
> I use WinDbg as the default debugger; When I remove the unhandled
> exception
> handler and let the app crash, WinDbg takes over and at that time, it
> shows
> complete stack trace for the same code. So I don't understand what am I
> missing when creating / viewing the minidump.
> I highly appreciate any help/ideas from your side.
>
> Another note: This is a problem only with one module in the application.
> Some other modules work fine. I tried to diff the settings but found
> nothing
> that might impact the issue.


Jay Venkat

unread,
May 18, 2005, 5:35:02 PM5/18/05
to
Thanks for replying.
The minidump is indeed supplied with Exception Pointer. Even after giving
the command .ecxr, it does not show complete trace. I use Microsoft symbols
too (downloaded them to my local pc). The stack trace stops at a call within
MFC71.dll.

-Jay

Pavel Lebedinsky [MSFT]

unread,
May 18, 2005, 10:37:04 PM5/18/05
to
Can you post the output of these commands:

.sympath
!sym -noisy
.reload
k
r

Jay Venkat

unread,
May 19, 2005, 9:29:29 AM5/19/05
to
Output of commands are as follows:

0:000> .sympath
Symbol search path is:
C:\QS_Crash;SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

0:000> !sym -noisy
noisy mode - symbol prompts on
0:000> .reload
.........................................................................................
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntdll.dll - file not
found
SYMSRV: WinInet Interface using proxy server: isaarray:8080
DBGHELP: C:\Symbols\ntdll.dll\3EB1B41Aa7000\ntdll.dll - OK
DBGENG: C:\Symbols\ntdll.dll\3EB1B41Aa7000\ntdll.dll - Mapped image memory
DBGHELP: C:\QS_Crash\ntdll.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\ntdll.pdb - file not found
DBGHELP: C:\QS_Crash\dll\ntdll.pdb - file not found
DBGHELP: ntdll - public symbols
C:\Symbols\ntdll.pdb\3E7B64D65\ntdll.pdb
DBGHELP: C:\Program Files\Debugging Tools for Windows\kernel32.dll - file
not found
DBGHELP: C:\Symbols\kernel32.dll\40D1DBCBe6000\kernel32.dll - OK
DBGENG: C:\Symbols\kernel32.dll\40D1DBCBe6000\kernel32.dll - Mapped image
memory
DBGHELP: C:\QS_Crash\kernel32.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\kernel32.pdb - file not found
DBGHELP: C:\QS_Crash\dll\kernel32.pdb - file not found
DBGHELP: kernel32 - public symbols
C:\Symbols\kernel32.pdb\40D1D0C52\kernel32.pdb
DBGHELP: C:\Program Files\Debugging Tools for Windows\dbghelp.dll -
mismatched timestamp
DBGHELP: C:\Symbols\dbghelp.dll\3D6DFA167d000\dbghelp.dll - OK
DBGENG: C:\Symbols\dbghelp.dll\3D6DFA167d000\dbghelp.dll - Mapped image
memory
DBGHELP: C:\QS_Crash\dbghelp.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\dbghelp.pdb - file not found
DBGHELP: C:\QS_Crash\dll\dbghelp.pdb - file not found
DBGHELP: dbghelp - public symbols
C:\Symbols\dbghelp.pdb\819C4FBAB64844F3B86D0AEEDDCE632A1\dbghelp.pdb
DBGHELP: C:\Program Files\Debugging Tools for Windows\CommonUtil.dll - file
not found
DBGHELP: C:\QS_Crash\CommonUtil.dll - OK
DBGENG: C:\QS_Crash\CommonUtil.dll - Mapped image memory
*** WARNING: Unable to verify checksum for CommonUtil.dll
DBGHELP: CommonUtil - private symbols & lines
C:\QS_Crash\CommonUtil.pdb

0:000> k
ChildEBP RetAddr
0012e1dc 77e9a352 SharedUserData!SystemCallStub+0x4
0012e218 77f5b5d4 kernel32!Module32NextW+0x43
0012e224 6d5360be ntdll!ZwClose+0xc
0012eea0 6d533cbd dbghelp!NtxGetProcessInfo+0x1f9
0012eec4 6d534034 dbghelp!WriteDumpData+0x7d
0012ef9c 003630ba dbghelp!MiniDumpWriteDump+0x10c
0012f338 77e99bf5 CommonUtil!MiniDumper::TopLevelFilter+0x32a
[c:\projects\forest\src_nodotnet\fst\commonutil\mdump.cpp @ 130]
0012f860 77e9a2ad kernel32!UnhandledExceptionFilter+0x10a
0012fff0 00000000 kernel32!BaseProcessStart+0x39

0:000> r
eax=01940000 ebx=00000000 ecx=00000007 edx=f3debd64 esi=001809f8 edi=0000012c
eip=7ffe0304 esp=0012e1d8 ebp=0012e210 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
SharedUserData!SystemCallStub+0x4:
7ffe0304 c3 ret


0:000> .ecxr
eax=00000000 ebx=00000003 ecx=00000018 edx=7c21f164 esi=01856448 edi=00000000
eip=7c168f1d esp=0012fc60 ebp=0012fc9c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
DBGHELP: C:\Program Files\Debugging Tools for Windows\MFC71.dll - file not
found
SYMSRV: C:\Symbols\MFC71.dll\3E77FDFD103000\MFC71.dll not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/MFC71.dll/3E77FDFD103000/MFC71.dll
not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\MFC71.dll - file not
found
DBGHELP: MFC71.dll not found in C:\QS_Crash
DBGHELP: MFC71.dll not found in
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
DBGENG: C:\WINDOWS\system32\MFC71.dll - Mapped image memory
DBGHELP: C:\QS_Crash\mfc71.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\mfc71.pdb - file not found
DBGHELP: C:\QS_Crash\dll\mfc71.pdb - file not found
DBGHELP: MFC71 - public symbols
C:\Symbols\mfc71.pdb\7AFA24A1166A4B949C2CB5FF331277F82\mfc71.pdb
MFC71!CMapPtrToPtr::GetValueAt+0x1:
7c168f1d 8b7104 mov esi,[ecx+0x4] ds:0023:0000001c=????????
DBGHELP: C:\Program Files\Debugging Tools for Windows\QuoteSheet.exe - file
not found
DBGHELP: C:\QS_Crash\QuoteSheet.exe - OK
DBGENG: C:\QS_Crash\QuoteSheet.exe - Mapped image memory
DBGHELP: C:\Program Files\Debugging Tools for Windows\msvcr71.dll - file not
found
DBGHELP: C:\Symbols\msvcr71.dll\3E561EAC56000\msvcr71.dll - OK
DBGENG: C:\Symbols\msvcr71.dll\3E561EAC56000\msvcr71.dll - Mapped image
memory
DBGHELP: C:\QS_Crash\msvcr71.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\msvcr71.pdb - file not found
DBGHELP: C:\QS_Crash\dll\msvcr71.pdb - file not found
DBGHELP: msvcr71 - public symbols
C:\Symbols\msvcr71.pdb\630C79175C1942C099C9BC4ED019C6092\msvcr71.pdb
*** WARNING: Unable to verify checksum for QuoteSheet.exe
DBGHELP: QuoteSheet - private symbols & lines
C:\QS_Crash\QuoteSheet.pdb


"Pavel Lebedinsky [MSFT]" wrote:

> Can you post the output of these commands:
>

> ..sympath
> !sym -noisy
> ..reload

Pavel Lebedinsky [MSFT]

unread,
May 19, 2005, 3:52:45 PM5/19/05
to
Everything looks normal so far. What does 'k' show after you've
issued .ecxr ?

--
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Jay Venkat" wrote:

> 0:000> .ecxr
> eax=00000000 ebx=00000003 ecx=00000018 edx=7c21f164 esi=01856448
> edi=00000000
> eip=7c168f1d esp=0012fc60 ebp=0012fc9c iopl=0 nv up ei pl zr na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00010246

> DBGHELP: MFC71 - public symbols

Jay Venkat

unread,
May 19, 2005, 4:47:17 PM5/19/05
to
I have attached the entire output again, this time with k after ecxr:

(Please note that the crash occured in a file COCCalculator.cpp inside the
function COCCalculator::flip() - hence I was expecting to see that call in
the stack)

0:000> .reload
.........................................................................................
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntdll.dll - file not
found

0:000> r
eax=01940000 ebx=00000000 ecx=00000007 edx=f3e0bd64 esi=00180a08 edi=000004fc


eip=7ffe0304 esp=0012e1d8 ebp=0012e210 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
SharedUserData!SystemCallStub+0x4:
7ffe0304 c3 ret

0:000> .ecxr


eax=00000000 ebx=00000003 ecx=00000018 edx=7c21f164 esi=01856448 edi=00000000
eip=7c168f1d esp=0012fc60 ebp=0012fc9c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246

DBGHELP: C:\Program Files\Debugging Tools for Windows\MFC71.dll - file not
found
SYMSRV: C:\Symbols\MFC71.dll\3E77FDFD103000\MFC71.dll not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/MFC71.dll/3E77FDFD103000/MFC71.dll
not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\MFC71.dll - file not
found
DBGHELP: MFC71.dll not found in C:\QS_Crash
DBGHELP: MFC71.dll not found in
SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
DBGENG: C:\WINDOWS\system32\MFC71.dll - Mapped image memory
DBGHELP: C:\QS_Crash\mfc71.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\mfc71.pdb - file not found
DBGHELP: C:\QS_Crash\dll\mfc71.pdb - file not found

DBGHELP: MFC71 - public symbols
C:\Symbols\mfc71.pdb\7AFA24A1166A4B949C2CB5FF331277F82\mfc71.pdb
MFC71!CMapPtrToPtr::GetValueAt+0x1:
7c168f1d 8b7104 mov esi,[ecx+0x4] ds:0023:0000001c=????????

0:000> k
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr
0012fc60 7c175e02 MFC71!CMapPtrToPtr::GetValueAt+0x1
0012fc70 7c1c85b1 MFC71!CWnd::DestroyWindow+0x2b
0012fc7c 7c17e02e MFC71!CToolTipCtrl::DestroyToolTipCtrl+0x1c
0012fc9c 7c150d09 MFC71!AFX_MODULE_THREAD_STATE::~AFX_MODULE_THREAD_STATE+0x2e
0012fca4 7c150e00 MFC71!AFX_MODULE_THREAD_STATE::`vector deleting
destructor'+0x8
0012fcc0 7c1459aa MFC71!CThreadSlotData::DeleteValues+0x46
0012fcd8 7c145bd0 MFC71!CThreadSlotData::DeleteValues+0x46
0012fcf4 7c14f487 MFC71!DllMain+0x111
0012fd30 77f5b42c MFC71!_DllMainCRTStartup+0x71
0012fd50 77f62864 ntdll!LdrpCallInitRoutine+0x14
0012fdd8 77e79832 ntdll!LdrShutdownProcess+0x149
0012fec8 77e79875 kernel32!_ExitProcess+0x37


DBGHELP: C:\Program Files\Debugging Tools for Windows\msvcr71.dll - file not
found
DBGHELP: C:\Symbols\msvcr71.dll\3E561EAC56000\msvcr71.dll - OK
DBGENG: C:\Symbols\msvcr71.dll\3E561EAC56000\msvcr71.dll - Mapped image
memory
DBGHELP: C:\QS_Crash\msvcr71.pdb - file not found
DBGHELP: C:\QS_Crash\symbols\dll\msvcr71.pdb - file not found
DBGHELP: C:\QS_Crash\dll\msvcr71.pdb - file not found

DBGHELP: msvcr71 - public symbols
C:\Symbols\msvcr71.pdb\630C79175C1942C099C9BC4ED019C6092\msvcr71.pdb
0012fedc 7c348d03 kernel32!TerminateProcess
0012fee4 7c3476c8 msvcr71!__crtExitProcess+0x2e
0012ff14 7c348d22 msvcr71!_cinit+0x108


DBGHELP: C:\Program Files\Debugging Tools for Windows\QuoteSheet.exe - file
not found
DBGHELP: C:\QS_Crash\QuoteSheet.exe - OK
DBGENG: C:\QS_Crash\QuoteSheet.exe - Mapped image memory

*** WARNING: Unable to verify checksum for QuoteSheet.exe
DBGHELP: QuoteSheet - private symbols & lines
C:\QS_Crash\QuoteSheet.pdb

0012ff24 00486409 msvcr71!_exit+0xd
0012ffc0 77e8141a QuoteSheet!WinMainCRTStartup+0x1ed
[f:\vs70builds\3077\vc\crtbld\crt\src\crtexe.c @ 420]
0012fff0 00000000 kernel32!BaseProcessStart+0x23

Pavel Lebedinsky [MSFT]

unread,
May 19, 2005, 8:03:12 PM5/19/05
to
So you actually got a good stack trace. Your program returned from
WinMain, CRT then called ExitProcess, ExitProcess called DllMain
for MFC71, MFC then tried to clean up some per-thread state
and crashed reading from address 0x1c.

I don't know much about MFC so I can't tell you what exactly
is happening here but one thing that is obviously wrong is that
you have cleanup code running in DllMain that is trying to
destroy a window (tooltip control). This is explicitly prohibited
in MSDN:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/dllmain.asp

You should destroy all your windows (and most other resources)
before you return from WinMain. Doing any non-trivial cleanup in
DllMain is strongly not recommended.

--
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Jay Venkat" wrote:

>I have attached the entire output again, this time with k after ecxr:
>
> (Please note that the crash occured in a file COCCalculator.cpp inside the
> function COCCalculator::flip() - hence I was expecting to see that call in
> the stack)
>

> MFC71!CMapPtrToPtr::GetValueAt+0x1:
> 7c168f1d 8b7104 mov esi,[ecx+0x4]
> ds:0023:0000001c=????????
>
> 0:000> k
> *** Stack trace for last set context - .thread/.cxr resets it
> ChildEBP RetAddr
> 0012fc60 7c175e02 MFC71!CMapPtrToPtr::GetValueAt+0x1
> 0012fc70 7c1c85b1 MFC71!CWnd::DestroyWindow+0x2b
> 0012fc7c 7c17e02e MFC71!CToolTipCtrl::DestroyToolTipCtrl+0x1c
> 0012fc9c 7c150d09
> MFC71!AFX_MODULE_THREAD_STATE::~AFX_MODULE_THREAD_STATE+0x2e
> 0012fca4 7c150e00 MFC71!AFX_MODULE_THREAD_STATE::`vector deleting
> destructor'+0x8
> 0012fcc0 7c1459aa MFC71!CThreadSlotData::DeleteValues+0x46
> 0012fcd8 7c145bd0 MFC71!CThreadSlotData::DeleteValues+0x46
> 0012fcf4 7c14f487 MFC71!DllMain+0x111
> 0012fd30 77f5b42c MFC71!_DllMainCRTStartup+0x71
> 0012fd50 77f62864 ntdll!LdrpCallInitRoutine+0x14
> 0012fdd8 77e79832 ntdll!LdrShutdownProcess+0x149
> 0012fec8 77e79875 kernel32!_ExitProcess+0x37

> 0012fedc 7c348d03 kernel32!TerminateProcess
> 0012fee4 7c3476c8 msvcr71!__crtExitProcess+0x2e
> 0012ff14 7c348d22 msvcr71!_cinit+0x108

> 0012ff24 00486409 msvcr71!_exit+0xd
> 0012ffc0 77e8141a QuoteSheet!WinMainCRTStartup+0x1ed

> 0012fff0 00000000 kernel32!BaseProcessStart+0x23


0 new messages