BUG: !dlls bug in exts.dll version 6.12.2.633

  • Question

  • I've recreated the issue on 32-bit XP and Windows 7 64-bit. The symptoms are different, but the bottom line is the same: !dlls is not producing the expected output.

    The steps to recreate the issue are as follows:
    1. Using 32-bit Windows XP and x86 WinDbg version 6.12.2.633, launch a Notepad process and attach to it with WinDbg.
    2. Display all loaded modules via !dlls.
    3. Select the loader entry address for ntdll.dll (just an example; you can pick some other module) and attempt to display module info for it. For instance: !dlls -a 0x001a1f18

    Expected results:
    !dlls should produce module output similar to what other tools produce (for instance, dumpbin.exe), listing module sections, etc.

    Actual results:
    Partial output is produced, followed by an integer divide-by-zero exception. Exception details are below.

    ModLoad: 01400000 016f9000   C:\DebugTools_6.12.2.633\winext\ext.dll
    ModLoad: 01900000 01975000   C:\DebugTools_6.12.2.633\WINXP\exts.dll
    ModLoad: 01800000 0181d000   C:\DebugTools_6.12.2.633\winext\uext.dll
    ModLoad: 4ee80000 4ee96000   C:\DebugTools_6.12.2.633\WINXP\ntsdexts.dll
    ModLoad: 01d00000 01d48000   C:\DebugTools_6.12.2.633\symsrv.dll
    (128.674): Integer divide-by-zero - code c0000094 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.

    eax=00000038 ebx=00000000 ecx=7c97b6a0 edx=00000000 esi=00000000 edi=000401d8
    eip=019427f0 esp=00a2dd54 ebp=00a2ddd0 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
    exts!DumpDebugDirectories+0x1b0:
    019427f0 f775fc          div     eax,dword ptr [ebp-4] ss:0023:00a2ddcc=00000000

    0:001> kb
    ChildEBP RetAddr  Args to Child              
    00a2ddd0 01942af1 7c9001d8 00000000 0007b800 exts!DumpDebugDirectories+0x1b0
    00a2de74 01940e3b bbe2395b 000401d8 00000002 exts!DumpSections+0x251
    00a2df14 01933fa3 7c900000 00000000 00000001 exts!DumpImage+0x36b
    00a2e1f0 01932e81 00a2e2fc 7ffdf000 00000000 exts!DllsExtension+0xae3
    00a2e21c 0218cb52 00776934 00a2e2fc bbe204f3 exts!dlls+0x41
    00a2e2bc 0218cda9 00776930 00a2e4c8 00a2e41c dbgeng!ExtensionInfo::CallA+0x342
    00a2e44c 0218ce72 00776930 00a2e4c8 00a2e4d2 dbgeng!ExtensionInfo::Call+0x129
    00a2e468 0218b6cf 00776930 00918640 00a2e4c8 dbgeng!ExtensionInfo::CallAny+0x72
    00a2e8e0 021d5d9f 00776930 00000000 00000002 dbgeng!ParseBangCmd+0x65f
    00a2e9c8 021d71a9 00776930 00000000 bbe20c43 dbgeng!ProcessCommands+0x50f
    00a2ea0c 021076c9 00776930 00000000 00000000 dbgeng!ProcessCommandsAndCatch+0x49
    00a2eea4 0210794a 00776930 00a2ef98 00000002 dbgeng!Execute+0x2b9
    00a2eed4 010290f6 00776938 00000001 00a2ef98 dbgeng!DebugClient::ExecuteWide+0x6a
    00a2ef80 01029612 00000000 00a2ef98 00000001 windbg!ProcessCommand+0x156
    00a2ffa0 0102b8f6 00000000 00000000 00000000 windbg!ProcessEngineCommands+0xb2
    00a2ffb4 7c80b50b 00000000 000401d8 00000002 windbg!EngineLoop+0x366
    00a2ffec 00000000 0102b590 00000000 00000000 kernel32!BaseThreadStart+0x37



    If you repeat the same steps on Windows 7 64-bit with the amd64 flavor of WinDbg version 6.12.2.633, you will get partial output followed by a "Bad file header" message (no divide-by-zero exception).
    For example:
    0:001> !dlls -a 0x003e47b0

    0x003e47b0: C:\Windows\SYSTEM32\ntdll.dll
          Base   0x77780000  EntryPoint  0x00000000  Size        0x001a9000
          Flags  0x00004004  LoadCount   0x0000ffff  TlsIndex    0x00000000
                 LDRP_IMAGE_DLL
                 LDRP_ENTRY_PROCESSED
    Bad file header.

    Thank you,
    Olegas

    Olegas

    Tuesday, March 5, 2013 7:39 PM

All replies

  • The bug in question is easily reproducible on Windows 7 and Windows 2008 with WinDbg version 6.2.9200.16384 (from Win 8 SDK).

    I've recreated the issue on 3 machines (my laptop 7 x64, virtual Win 7 x64, virtual Win 2008 R2 x64).

    Debugger output snippet from Windows 7

    0:002> !dlls -a 0x001d2a50

    0x001d2a50: C:\Windows\SYSTEM32\ntdll.dll
          Base   0x76df0000  EntryPoint  0x00000000  Size        0x001ab000
          Flags  0x00004004  LoadCount   0x0000ffff  TlsIndex    0x00000000
                 LDRP_IMAGE_DLL
                 LDRP_ENTRY_PROCESSED
    Bad file header.

    0:002> .chain
    Extension DLL search Path:
        C:\Debuggers\x64\WINXP;C:\Debuggers\x64\winext;C:\Debuggers\x64\winext\arcade;C:\Debuggers\x64\pri;C:\Debuggers\x64;C:\Debuggers\x64\winext\arcade;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Vision\Bin
    Extension DLL chain:
        dbghelp: image 6.2.9200.16384, API 6.2.6, built Wed Jul 25 20:06:04 2012
            [path: C:\Debuggers\x64\dbghelp.dll]
        ext: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 20:11:33 2012
            [path: C:\Debuggers\x64\winext\ext.dll]
        exts: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 20:15:20 2012
            [path: C:\Debuggers\x64\WINXP\exts.dll]
        uext: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 20:15:09 2012
            [path: C:\Debuggers\x64\winext\uext.dll]
        ntsdexts: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 20:16:01 2012
            [path: C:\Debuggers\x64\WINXP\ntsdexts.dll]

    0:002> vertarget
    Windows 7 Version 7600 UP Free x64
    Product: WinNt, suite: SingleUserTS
    kernel32.dll version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Machine Name:
    Debug session time: Fri Mar 22 06:59:35.962 2013 (UTC - 6:00)
    System Uptime: 0 days 0:15:38.453
    Process Uptime: 0 days 0:03:18.015
      Kernel time: 0 days 0:00:00.234
      User time: 0 days 0:00:00.000

    Debugger output snippet from Windows 2008 R2

    0:002> !dlls -a 0x00062780

    0x00062780: C:\Windows\SYSTEM32\ntdll.dll
          Base   0x773f0000  EntryPoint  0x00000000  Size        0x001ab000
          Flags  0x00004004  LoadCount   0x0000ffff  TlsIndex    0x00000000
                 LDRP_IMAGE_DLL
                 LDRP_ENTRY_PROCESSED
    Bad file header.

    0:002> .chain
    Extension DLL search Path:
        C:\Debuggers_x64_v6.2.9200.16384\x64\WINXP;C:\Debuggers_x64_v6.2.9200.16384\x64\winext;C:\Debuggers_x64_v6.2.9200.16384\x64\winext\arcade;C:\Debuggers_x64_v6.2.9200.16384\x64\pri;C:\Debuggers_x64_v6.2.9200.16384\x64;C:\Debuggers_x64_v6.2.9200.16384\x64\winext\arcade;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
    Extension DLL chain:
        dbghelp: image 6.2.9200.16384, API 6.2.6, built Wed Jul 25 21:06:04 2012
            [path: C:\Debuggers_x64_v6.2.9200.16384\x64\dbghelp.dll]
        ext: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 21:11:33 2012
            [path: C:\Debuggers_x64_v6.2.9200.16384\x64\winext\ext.dll]
        exts: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 21:15:20 2012
            [path: C:\Debuggers_x64_v6.2.9200.16384\x64\WINXP\exts.dll]
        uext: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 21:15:09 2012
            [path: C:\Debuggers_x64_v6.2.9200.16384\x64\winext\uext.dll]
        ntsdexts: image 6.2.9200.16384, API 1.0.0, built Wed Jul 25 21:16:01 2012
            [path: C:\Debuggers_x64_v6.2.9200.16384\x64\WINXP\ntsdexts.dll]

    0:002> vertarget
    Windows 7 Version 7600 UP Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    kernel32.dll version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Machine Name:
    Debug session time: Fri Mar 22 08:21:42.504 2013 (UTC - 5:00)
    System Uptime: 0 days 0:13:47.437
    Process Uptime: 0 days 0:03:33.171
      Kernel time: 0 days 0:00:00.078
      User time: 0 days 0:00:00.015


    Olegas

    Friday, March 22, 2013 3:03 PM