none
any hints on how could i debug [ Bug Check 0x7E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED ] RRS feed

  • Question

  • I don't want to post here and wait for long hours because I know that no one would debug my error and do everything for me. So i just want any hints commands for windbg so i can identify the problem and fix it. Beside MSDN page if there is anything I can do just to speed up the process of finding the bug that is causing this problem. thanks :)

    btw if someone had this issue before.

    am trying to read an address from an instruction by adding bytes to the returned address from my pattern scan method and reading that address + some bytes to read the relative address.
    Wednesday, April 17, 2019 1:54 PM

Answers

  • nvm guys i was dumb because i did not add my base address + offset to read :D (FIXEd)
    • Marked as answer by Frankooo Thursday, April 18, 2019 12:59 PM
    Thursday, April 18, 2019 12:59 PM

All replies

  • The most important commands in WinDBG when debugging a crash are:

    !analyze -v

    !pte

    kv

    The most likely scenario is that your address math is wrong and you attempted to access a memory address that is invalid. Start with !analyze -v to find out where the problem occurred. Then use !pte on any addresses (including intermediate values, to determine how you got the wrong value) to determine whether an address is valid or not (using DD to try and dump the address won't always tell you whether the address is invalid, because sometimes WinDBG is too helpful and will display the contents of pages that are in transition).

    For hints, post the output of !analyze -v and the code that is causing the error, and people here will give you pointers

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, April 17, 2019 2:29 PM
    Moderator
  • nvm guys i was dumb because i did not add my base address + offset to read :D (FIXEd)
    • Marked as answer by Frankooo Thursday, April 18, 2019 12:59 PM
    Thursday, April 18, 2019 12:59 PM