Windbg Analysis

  • Question

  • Good day!  I am trying to do an analysis on a 3rd party application that keeps crashing on an end user of ours.  I did an analysis and it points to an Access violation being the issue, although I can't pinpoint where or why.   Any suggestions?

    0:000> !analyze -v
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *

    *** WARNING: Unable to verify checksum for
    *** WARNING: Unable to verify checksum for
    *** WARNING: Unable to verify checksum for bnt.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for bnt.dll - 
    *** WARNING: Unable to verify checksum for pdfium.dll
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for pdfium.dll - 
    GetUrlPageData2 (WinHttp) failed: 12002.

    02f97d43 8b01            mov     eax,dword ptr [ecx]

    EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 02f97d43
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000000
       Parameter[1]: 00000000
    Attempt to read from address 00000000

    CONTEXT:  00000000 -- (.cxr 0x0;r)
    eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000003 edi=00000003
    eip=77e6c8ac esp=0122c324 ebp=0122c4ac iopl=0         nv up ei pl nz na pe nc
    cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000206
    77e6c8ac c21400          ret     14h


    PROCESS_NAME:  aXsInfo.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.



    READ_ADDRESS:  00000000 

    02f97d43 8b01            mov     eax,dword ptr [ecx]



    APP:  axsinfo.exe

    ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre

    MANAGED_STACK: !dumpstack -EE
    No export dumpstack found



    LAST_CONTROL_TRANSFER:  from 6fabdb0d to 02f97d43

    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0122d070 6fabdb0d 1d41c590 1d41c5a0 03015f9c 0x2f97d43
    0122d0a0 6fabe5c2 1d41c590 1d41c590 03015f9c Microsoft_VisualBasic_ni+0x12db0d
    0122d0b4 6fabe95d 0302be38 1d41c584 0122d104 Microsoft_VisualBasic_ni+0x12e5c2
    0122d0c4 5dac7ba5 1d41c584 00000000 1d41c320 Microsoft_VisualBasic_ni+0x12e95d
    0122d104 5dab8267 03042f88 0122e26c 5dd0061f System_Windows_Forms_ni+0x7b7ba5
    0122d110 5dd0061f 5d4b9dfe 0122d140 5d3315b0 System_Windows_Forms_ni+0x7a8267
    0122e2a0 75db8e71 000f06dc 00000010 00000000 System_Windows_Forms_ni+0x9f061f
    0122e2cc 75db90d1 02fd53ce 000f06dc 00000010 user32!_InternalCallWinProc+0x2b
    0122e360 75db932c 02fd53ce 00000000 00000010 user32!UserCallWinProcCheckWow+0x18e
    0122e3c0 75db9529 01a6fd60 00000000 00000010 user32!DispatchClientMessage+0xdc
    0122e400 77e70666 0122e418 00000000 0122e670 user32!__fnDWORD+0x49
    0122e434 75dbc463 000f06dc 00000112 0000f060 ntdll!KiUserCallbackDispatcher+0x36
    0122e4c0 75dbc30f 01a6fd60 00000000 00050eed user32!RealDefWindowProcWorker+0x147
    0122e4d8 740e3405 000f06dc 00000112 0000f060 user32!RealDefWindowProcW+0x53
    0122e4f8 74112a35 05486af0 3cb88751 0122e61c uxtheme!DoMsgDefault+0x3a
    0122e508 740e33a3 05486af0 0122e5b0 00000001 uxtheme!OnDwpSysCommand+0x35
    0122e61c 740e2e58 0000f060 00050eed 00000001 uxtheme!_ThemeDefWindowProc+0x6b7
    0122e630 75dbc2a5 000f06dc 00000112 0000f060 uxtheme!ThemeDefWindowProcW+0x18
    0122e680 75dbe912 000f06dc 00000112 0000f060 user32!DefWindowProcW+0x173
    0122e69c 75dd6795 01a6fd60 00000000 00000112 user32!DefWindowProcWorker+0x2e
    0122e720 75dd68ab 00000112 0000f060 00050eed user32!DefFrameProcWorker+0xb5
    0122e738 5de2d46c 000f06dc 00220b00 00000112 user32!DefFrameProcW+0x1b
    0122e784 5de2aca2 2d10396c 69bcfa00 0122ed6c System_Windows_Forms_ni+0xb1d46c
    0122e7d0 5d4c2ed0 03042c5c 0122e7e4 5d4f8e52 System_Windows_Forms_ni+0xb1aca2
    0122e7dc 5d4f8e52 0122e7fc 5dad5b89 00000001 System_Windows_Forms_ni+0x1b2ed0
    0122e7e4 5dad5b89 00000001 0122e8b8 0122e84c System_Windows_Forms_ni+0x1e8e52
    0122e7fc 5de2d1af 05860574 0122e84c 03042f88 System_Windows_Forms_ni+0x7c5b89
    0122e810 5d4b9f13 0122e82c 5d4b9ea5 5d5462f4 System_Windows_Forms_ni+0xb1d1af
    0122e818 5d4b9ea5 5d5462f4 03042f88 0122e860 System_Windows_Forms_ni+0x1a9f13
    0122e82c 5d4b9dd0 03042f88 000f06dc 00000112 System_Windows_Forms_ni+0x1a9ea5
    0122e8b0 75db8e71 000f06dc 00000112 0000f060 System_Windows_Forms_ni+0x1a9dd0
    0122e8dc 75dbae9d 02fd53ce 000f06dc 00000112 user32!_InternalCallWinProc+0x2b
    0122e970 75db932c 02fd53ce 00000000 00000112 user32!UserCallWinProcCheckWow+0x262
    0122e9d0 75db9529 01a6fd60 00000000 00000112 user32!DispatchClientMessage+0xdc
    0122ea10 77e70666 0122ea28 00000000 0122ec88 user32!__fnDWORD+0x49
    0122ea44 75dbc463 000f06dc 000000a1 00000014 ntdll!KiUserCallbackDispatcher+0x36
    0122ead0 75dbc30f 01a6fd60 00000000 00050eed user32!RealDefWindowProcWorker+0x147
    0122eae8 740e3405 000f06dc 000000a1 00000014 user32!RealDefWindowProcW+0x53
    0122eb08 74122017 74121fb0 05486af0 000000a1 uxtheme!DoMsgDefault+0x3a
    0122eb20 740e33a3 05486af0 0122ebc8 00000001 uxtheme!OnDwpNcLButtonDown+0x67
    0122ec34 740e2e58 00000014 00050eed 00000001 uxtheme!_ThemeDefWindowProc+0x6b7
    0122ec48 75dbc2a5 000f06dc 000000a1 00000014 uxtheme!ThemeDefWindowProcW+0x18
    0122ec98 75dbe912 000f06dc 000000a1 00000014 user32!DefWindowProcW+0x173
    0122ecb0 75dd6795 01a6fd60 00000000 000000a1 user32!DefWindowProcWorker+0x2e
    0122ed34 75dd68ab 000000a1 00000014 00050eed user32!DefFrameProcWorker+0xb5
    0122ed4c 5de2d46c 000f06dc 00220b00 000000a1 user32!DefFrameProcW+0x1b
    0122ed98 5d4ba018 2d10396c 69bcfa00 0122f00c System_Windows_Forms_ni+0xb1d46c
    0122ede4 5d4c2ed0 03042c5c 0122edf8 5d4f8e52 System_Windows_Forms_ni+0x1aa018
    0122edf0 5d4f8e52 0122ee10 5dad5971 00000000 System_Windows_Forms_ni+0x1b2ed0
    0122edf8 5dad5971 00000000 0122eecc 0122ee60 System_Windows_Forms_ni+0x1e8e52
    0122ee10 5de2d2ac 05860574 0122ee60 03042f88 System_Windows_Forms_ni+0x7c5971
    0122ee24 5d4b9f13 0122ee40 5d4b9ea5 5d5462f4 System_Windows_Forms_ni+0xb1d2ac
    0122ee2c 5d4b9ea5 5d5462f4 03042f88 0122ee74 System_Windows_Forms_ni+0x1a9f13
    0122ee40 5d4b9dd0 03042f88 000f06dc 000000a1 System_Windows_Forms_ni+0x1a9ea5
    0122eec4 75db8e71 000f06dc 000000a1 00000014 System_Windows_Forms_ni+0x1a9dd0
    0122eef0 75db90d1 02fd53ce 000f06dc 000000a1 user32!_InternalCallWinProc+0x2b
    0122ef84 75dba66f 02fd53ce 00000000 000000a1 user32!UserCallWinProcCheckWow+0x18e
    0122eff0 75dba6e0 0122f078 0122f038 5d51ad58 user32!DispatchMessageWorker+0x208
    0122effc 5d51ad58 0122f078 2d10396c 69bcfa00 user32!DispatchMessageW+0x10
    0122f038 5d4c9571 2d10396c 69bcfa00 0122f380 System_Windows_Forms_ni+0x20ad58
    0122f0bc 5d4c9182 00000000 ffffffff 00000000 System_Windows_Forms_ni+0x1b9571
    0122f110 5d4c8ff4 03016dfc 00000000 00000000 System_Windows_Forms_ni+0x1b9182
    0122f13c 6fabe4e6 03016dfc 03015f9c 00000000 System_Windows_Forms_ni+0x1b8ff4
    0122f164 6fabefce 03015f9c 00000000 00000000 Microsoft_VisualBasic_ni+0x12e4e6
    0122f18c 6fabdd27 6f9c36f8 0122f170 00000006 Microsoft_VisualBasic_ni+0x12efce
    0122f208 69bceaf6 01321a90 0122f268 69bd70c9 Microsoft_VisualBasic_ni+0x12dd27
    0122f214 69bd70c9 0122f2ac 0122f258 69cab000 clr!CallDescrWorkerInternal+0x34
    0122f268 69bd76f4 0122f2c0 030205b4 00000000 clr!CallDescrWorkerWithHandler+0x6b
    0122f2d8 69d6abf1 0122f3cc 22827fad 012b713c clr!MethodDescCallSite::CallTargetWorker+0x16a
    0122f404 69d6ace9 0122f428 00000000 22827fb1 clr!RunMain+0x1ad
    0122f678 69d6b2eb 00000000 22827d21 00bf0000 clr!Assembly::ExecuteMainMethod+0x124
    0122fb70 69d6b4a1 22827061 00000000 00000000 clr!SystemDomain::ExecuteMainMethod+0x631
    0122fbc8 69d6b3e7 228277a1 00000000 69cef7c0 clr!ExecuteEXE+0x4c
    0122fc08 69cef7dc 228277ed 00000000 69cef7c0 clr!_CorExeMainInternal+0xdc
    0122fc44 73b0d45b 3b09592d 77a77b50 73b00000 clr!_CorExeMain+0x4d
    0122fc7c 73b8bbb7 0122fc94 73b8bbcc 73b8bb40 mscoreei!_CorExeMain+0x10e
    0122fc84 73b8bbcc 73b8bb40 73b8bb40 0122fca8 mscoree!_CorExeMain_Exported+0x77
    0122fc94 77a77c04 7fa99000 77a77be0 3f092860 mscoree!_CorExeMain_Exported+0x8c
    0122fca8 77e8ad2f 7fa99000 3f4c76bc 00000000 kernel32!BaseThreadInitThunk+0x24
    0122fcf0 77e8acfa ffffffff 77e700bb 00000000 ntdll!__RtlUserThreadStart+0x2f
    0122fd00 00000000 73b8bb40 7fa99000 00000000 ntdll!_RtlUserThreadStart+0x1b

    STACK_COMMAND:  ~0s; .ecxr ; kb


    SYMBOL_NAME:  unknown!noop+0

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: unknown

    IMAGE_NAME:  unknown


    FAILURE_BUCKET_ID:  WRONG_SYMBOLS_c0000005_unknown!noop



    FAILURE_ID_HASH_STRING:  um:wrong_symbols_c0000005_unknown!noop

    FAILURE_ID_HASH:  {f838820b-8678-57df-599c-95f0bde62d23}

    Followup: MachineOwner

    Tuesday, January 9, 2018 8:04 PM

All replies

  • Hi Townshend84,

    Thank you for posting here.

    For your question, we could not determine what caused the crash from the information you provided. How did you analyze the crashing application? With a dump file? Could you provide the dump file for us?

    >>*** ERROR: Symbol file could not be found.  Defaulted to export symbols for bnt.dll -

    When you analyzed it, did you load the symbol file?

    Best Regards,


    MSDN Community Support

    Wednesday, January 10, 2018 8:27 AM