
First Chance exception in ntdll 0XC0000005 Windbg

Please help me analyze this crash dump. This is my last resort.

We have a Windows COM/DCOM service that crashes with this dump. It looks as if there is some heap corruption going on here. This crash strangely occurs only on Windows Server 2008 SP2 and is causing a lot of headaches.

Can any WinDbg experts help here? I would appreciate any kind of help with locating the error or providing tips on how to debug this, since I am a newbie with WinDbg. Thanks in advance. Below is the WinDbg output.

Comment: 'Dump created by DbgHost. First chance exception 0XC0000005'
Symbol search path is: C:\debug symbols;C:\Windows\Symbols

Windows Server 2008/Windows Vista Version 6002 (Service Pack 2) UP Free x86 compatible
Product: LanManNt, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Debug session time: Tue Nov 30 14:15:48.000 2010 (GMT+2)
System Uptime: 5 days 0:32:32.875
Process Uptime: 0 days 1:29:39.000
...........................................................
Loading unloaded module list  .....    
This dump file has an exception of interest stored in it.  
The stored exception information can be accessed via .ecxr.  
(868.ae4): Access violation - code c0000005 (first/second chance not available)  
eax=c0c0c0a0 ebx=00140000 ecx=c0c0c0a0 edx=00141000 esi=00140000 edi=00140000  
eip=7005a43d esp=04ebf2dc ebp=04ebf320 iopl=0         nv up ei ng nz na pe nc  
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010286  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for verifier.dll - verifier!VerifierStopMessage+0x591d:    
7005a43d 8139aaaacdab    cmp     dword ptr [ecx],0ABCDAAAAh ds:0023:c0c0c0a0=????????  
*** WARNING: Unable to verify checksum for vsrv.exe  
0:011> !analyze -v    
*******************************************************************************  
*                                                                             *  
*                        Exception Analysis                                   *  
*                                                                             *  
*******************************************************************************  

*** WARNING: Unable to verify checksum for TCheckLic.dll  
*** WARNING: Unable to verify checksum for regserverps.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for regserverps.dll -   
*** WARNING: Unable to verify checksum for carsps.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for carsps.dll - 
*** WARNING: Unable to verify checksum for vsrvps.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for vsrvps.dll - 
*** WARNING: Unable to verify checksum for vdbaccs.dll  
*** WARNING: Unable to verify checksum for VsrvPing.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for msiltcfg.dll   
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for WlS0WndH.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wsock32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for comctl32.dll     
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wtsapi32.dll     
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for winnsi.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for sxs.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for winsta.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for psapi.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for lpk.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for clbcatq.dll  
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ws2_32.dll   
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for nsi.dll  
*************************************************************************  
***                                                                   ***  
***                                                                   ***  
***    Your debugger is not using the correct symbols                 ***  
***                                                                   ***  
***    In order for this command to work properly, your symbol path   ***  
***    must point to .pdb files that have full type information.      ***  
***                                                                   ***  
***    Certain .pdb files (such as the public OS symbols) do not      ***  
***    contain the required information.  Contact the group that      ***  
***    provided you with these symbols if you need this command to    ***  
***    work.                                                          ***  
***                                                                   ***  
***    Type referenced: IMAGE_NT_HEADERS32                            ***  
***                                                                   ***  
*************************************************************************  
Failed calling InternetOpenUrl, GLE=12007  
*************************************************************************
***                                                                   ***  
***                                                                   *** 
***    Your debugger is not using the correct symbols                 ***  
***                                                                   ***  
***    In order for this command to work properly, your symbol path   ***  
***    must point to .pdb files that have full type information.      ***  
***                                                                   ***  
***    Certain .pdb files (such as the public OS symbols) do not      ***  
***    contain the required information.  Contact the group that      ***  
***    provided you with these symbols if you need this command to    ***  
***    work.                                                          ***  
***                                                                   ***  
***    Type referenced: kernel32!pNlsUserInfo                         ***  
***                                                                   ***  
*************************************************************************  
*************************************************************************  
***                                                                   ***  
***                                                                   ***  
***    Your debugger is not using the correct symbols                 ***  
***                                                                   ***  
***    In order for this command to work properly, your symbol path   ***  
***    must point to .pdb files that have full type information.      ***  
***                                                                   ***  
***    Certain .pdb files (such as the public OS symbols) do not      ***  
***    contain the required information.  Contact the group that      ***  
***    provided you with these symbols if you need this command to    ***  
***    work.                                                          ***  
***                                                                   ***  
***    Type referenced: kernel32!pNlsUserInfo                         ***  
***                                                                   ***  
*************************************************************************   

FAULTING_IP:   
verifier!VerifierStopMessage+591d  
7005a43d 8139aaaacdab    cmp     dword ptr [ecx],0ABCDAAAAh  

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)  
ExceptionAddress: 7005a43d (verifier!VerifierStopMessage+0x0000591d)  
   ExceptionCode: c0000005 (Access violation)  
  ExceptionFlags: 00000000  
NumberParameters: 2  
   Parameter[0]: 00000000  
   Parameter[1]: c0c0c0a0  
Attempt to read from address c0c0c0a0  

PROCESS_NAME:  vsrv.exe  

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.  

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.  

EXCEPTION_PARAMETER1:  00000000  

EXCEPTION_PARAMETER2:  c0c0c0a0  

READ_ADDRESS:  c0c0c0a0   

FOLLOWUP_IP:   
verifier!VerifierStopMessage+591d  
7005a43d 8139aaaacdab    cmp     dword ptr [ecx],0ABCDAAAAh  

NTGLOBALFLAG:  2000000  

APPLICATION_VERIFIER_FLAGS:  0

ADDITIONAL_DEBUG_TEXT:  Enable Pageheap/AutoVerifer

FAULTING_THREAD:  00000ae4  

DEFAULT_BUCKET_ID:  HEAP_CORRUPTION  

PRIMARY_PROBLEM_CLASS:  HEAP_CORRUPTION  

BUGCHECK_STR:  APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ  

LAST_CONTROL_TRANSFER:  from 7005a9e0 to 7005a43d  

STACK_TEXT:    
WARNING: Stack unwind information not available. Following frames may be wrong.  
04ebf320 7005a9e0 00141000 c0c0c0c0 00000004 verifier!VerifierStopMessage+0x591d  
04ebf33c 700587eb 00141000 00240000 01000002 verifier!VerifierStopMessage+0x5ec0  
04ebf390 77622614 00140000 01000002 c0c0c0c0 verifier!VerifierStopMessage+0x3ccb  
04ebf3d8 775eb7cd 00140000 01000002 c0c0c0c0 ntdll!RtlDebugFreeHeap+0x2f  
04ebf4cc 775d7545 c0c0c0c0 c0c0c0c0 04ebf604 ntdll!RtlpFreeHeap+0x5f  
04ebf4e8 762f9a26 00140000 00000000 c0c0c0c0 ntdll!RtlFreeHeap+0x14e  
04ebf4fc 773aaf25 00140000 00000000 c0c0c0c0 kernel32!HeapFree+0x14  
04ebf510 773aaf41 7747f6f8 c0c0c0c0 04ebf538 ole32!CRetailMalloc_Free+0x1c  
04ebf520 75e16efc c0c0c0c0 04ebf604 037d3e6c ole32!CoTaskMemFree+0x13  
04ebf538 75e08221 c0c0c0c0 c0c0c0c0 037d3e6c rpcrt4!NdrPointerFree+0xb5  
04ebf560 75e0825a 00000000 04ebf58c 75e16ecb rpcrt4!NdrpEmbeddedPointerFree+0x4c  
04ebf56c 75e16ecb 04ebf604 09afcff0 037d3e60 rpcrt4!NdrSimpleStructFree+0x1c  
04ebf58c 75e16ecb 09afcff0 09afcff0 037d3e52 rpcrt4!NdrPointerFree+0x91  
04ebf5ac 75ea25c8 09afcff0 04ebf840 037d3e4e rpcrt4!NdrPointerFree+0x91  
04ebf5d4 75ea248b 04ebf840 00000002 04ebf7e0 rpcrt4!NdrpFreeParams+0x150  
04ebf5e4 75ea2429 feabd21b 09a52fe0 07bd6f28 rpcrt4!NdrStubCall2+0x9aa  
04ebf65c 751d192d 037d4968 00000000 00000000 rpcrt4!NdrStubCall2+0x55c  
04ebfa04 75ea293b 09a52fe0 0982cfc0 07bd6f28 rsaenh!AesExpandKey+0x23  
04ebfa54 7747a8c5 09a52fe0 07bd6f28 0982cfc0 rpcrt4!CStdStubBuffer_Invoke+0xa0  
04ebfa9c 7747aa59 07bd6f28 09225f08 08dbec38 ole32!SyncStubInvoke+0x3c  
04ebfae8 773a61d6 07bd6f28 09a12f18 09a52fe0 ole32!StubInvoke+0xb9  
04ebfbc4 773a60e7 0982cfc0 00000000 09a52fe0 ole32!CCtxComChnl::ContextInvoke+0xfa  
04ebfbe0 773a6df5 07bd6f28 00000001 09a52fe0 ole32!MTAInvoke+0x1a  
04ebfc0c 7747a981 07bd6f28 00000001 09a52fe0 ole32!STAInvoke+0x46  
04ebfc40 7747a79b d0908070 0982cfc0 09a52fe0 ole32!AppInvoke+0xaa  
04ebfd1c 7747ae2d 07bd6ed0 06ffd420 00000400 ole32!ComInvokeWithLockAndIPID+0x32c  
04ebfd44 773a6bcd 07bd6ed0 00000400 06df2e30 ole32!ComInvoke+0xc5  
04ebfd58 773a6b8c 07bd6ed0 04ebfe18 00000400 ole32!ThreadDispatch+0x23  
04ebfd9c 75fafd72 00ba002a 00000400 0000babe ole32!ThreadWndProc+0x167  
04ebfdc8 75fafe4a 773a6aef 00ba002a 00000400 user32!InternalCallWinProc+0x23  
04ebfe40 75fb018d 00000000 773a6aef 00ba002a user32!UserCallWinProcCheckWow+0x14b  
04ebfea4 75fa8b7c 773a6aef 00000001 04ebff34 user32!DispatchMessageWorker+0x322  
04ebfeb4 0044fbc9 04ebff14 00000000 00000000 user32!DispatchMessageA+0xf  
04ebff34 0044faf1 00000000 00000000 041b2e88 vsrv!ATL::CComApartment::Apartment+0xc9   [d:\program files\microsoft visual studio\vc98\atl\include\atlbase.h @ 3837]  
04ebff88 762fd0e9 041b2e88 04ebffd4 775b19bb vsrv!ATL::CComApartment::_Apartment+0x11   [d:\program files\microsoft visual studio\vc98\atl\include\atlbase.h @ 3815]  
04ebff94 775b19bb 041b2e88 6a03c808 00000000 kernel32!BaseThreadInitThunk+0xe  
04ebffd4 775b198e 00402428 041b2e88 ffffffff ntdll!__RtlUserThreadStart+0x23  
04ebffec 00000000 00402428 041b2e88 00000000 ntdll!_RtlUserThreadStart+0x1b  


STACK_COMMAND:  .cxr 00000000 ; kb ; ~11s; .ecxr ; kb  

SYMBOL_NAME:  heap_corruption!heap_corruption  

FOLLOWUP_NAME:  MachineOwner  

MODULE_NAME: heap_corruption  

IMAGE_NAME:  heap_corruption  

DEBUG_FLR_IMAGE_TIMESTAMP:  0  

FAILURE_BUCKET_ID:  HEAP_CORRUPTION_c0000005_heap_corruption!heap_corruption  

BUCKET_ID:    APPLICATION_FAULT_HEAP_CORRUPTION_INVALID_POINTER_READ_heap_corruption!heap_corruption  

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/vsrv_exe/68_50_606_0/4ce50c9e  /verifier_dll/6_0_6001_18000/4791a775/c0000005/0001a43d.htm?Retriage=1  

Followup: MachineOwner  


Can you repro this?

If so,

  1. Set up your symbols properly to use the symbol server.

    E.g. set your environment variable

    _NT_SYMBOL_PATH=SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

  2. Set up Application Verifier to use the default tests and run your application through with a command line similar to windbg -xd av -xd ch -xd sov ApplicationCommandLine.

    If you have a memory corruption, AppVerif will likely catch it and raise a second chance exception in your debugger. Make sure you enable full page heap so that heap overruns access-violate immediately.

  3. Familiarise yourself with the !avrf extension, if necessary.
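
A triage helper for the stack shown in the question, added here as an example and not part of the original question or answer: it scans x86 `kb` frame lines for stack words equal to the documented full page heap fill bytes (0xC0 for allocated but never initialized memory, 0xF0 for freed blocks) and reports the outermost frame that carries one. The function and variable names are hypothetical; the sample frames are copied from the STACK_TEXT above.

```python
import re

# Fill bytes documented for full page heap (GFlags/PageHeap):
# 0xC0 = allocated but never initialized, 0xF0 = freed block.
FILL_PATTERNS = {
    0xC0C0C0C0: "uninitialized page-heap allocation",
    0xF0F0F0F0: "freed page-heap block",
}

# x86 `kb` frame: ChildEBP RetAddr Arg0 Arg1 Arg2 module!symbol+offset
FRAME_RE = re.compile(r"^((?:[0-9a-f]{8} ){5})(\S+)")

# Frames copied from the STACK_TEXT above (innermost frame first).
SAMPLE = """\
04ebf4e8 762f9a26 00140000 00000000 c0c0c0c0 ntdll!RtlFreeHeap+0x14e
04ebf4fc 773aaf25 00140000 00000000 c0c0c0c0 kernel32!HeapFree+0x14
04ebf510 773aaf41 7747f6f8 c0c0c0c0 04ebf538 ole32!CRetailMalloc_Free+0x1c
04ebf520 75e16efc c0c0c0c0 04ebf604 037d3e6c ole32!CoTaskMemFree+0x13
04ebf538 75e08221 c0c0c0c0 c0c0c0c0 037d3e6c rpcrt4!NdrPointerFree+0xb5
04ebf560 75e0825a 00000000 04ebf58c 75e16ecb rpcrt4!NdrpEmbeddedPointerFree+0x4c
04ebf56c 75e16ecb 04ebf604 09afcff0 037d3e60 rpcrt4!NdrSimpleStructFree+0x1c
"""

def parse_frames(text):
    """Return [(symbol, [arg0, arg1, arg2])] for each frame line in text."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            words = m.group(1).split()
            # words[0:2] are ChildEBP and RetAddr; the rest are the
            # first three stack words that `kb` prints as arguments.
            frames.append((m.group(2), [int(w, 16) for w in words[2:]]))
    return frames

def outermost_tainted_frame(text):
    """Frame nearest the thread start whose arguments hold a fill pattern."""
    hit = None
    for symbol, args in parse_frames(text):  # later lines are outer frames
        meanings = [FILL_PATTERNS[a] for a in args if a in FILL_PATTERNS]
        if meanings:
            hit = (symbol, meanings[0])
    return hit

if __name__ == "__main__":
    print(outermost_tainted_frame(SAMPLE))
```

On these frames the result is `rpcrt4!NdrPointerFree+0xb5`, which suggests the pointer the RPC stub tried to free was read from memory that was never written; the frames above it only pass that value along.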
