Empty Stack Trace

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Empty Stack Trace

This is another stack trace⁹ related pattern. Here we might need to do manual stack trace reconstruction (Volume 1, page 157) like shown in the following example:

0:002> ~2s
eax=00000070 ebx=0110fb94 ecx=00000010 edx=005725d8 esi=0110fe58
edi=00000d80
eip=7c82847c esp=0110efe0 ebp=0110eff0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c82847c c3 ret

0:002> kL
ChildEBP RetAddr
0110efdc 00000000 ntdll!KiFastSystemCallRet

0:002> !teb
TEB at  7ffdc000
ExceptionList:           0110f980
StackBase:               01110000
StackLimit:              0110d000
SubSystemTib:            00000000
FiberData:               00001e00
ArbitraryUserPointer:    00000000
Self:                    7ffdc000
EnvironmentPointer:      00000000
ClientId:                00000b04 . 00000bd0
RpcHandle:               00000000
Tls Storage:             00000000
PEB Address:             7ffda000
LastErrorValue:          87
LastStatusValue:         c000000d
Count Owned Locks:       0
HardErrorMode:           0

0:002> dps 0110d000 01110000
0110d000 00000000
0110d004 00000000
[...]
0110f640 0110f64c
0110f644 02b91ea8
0110f648 00001000
0110f64c 00000004
0110f650 0110f6f0
0110f654 0374669d DbgHelp!WriteFullMemory+0×3cd

0110f658 ffffffff
0110f65c 0110d000
0110f660 00000000
0110f664 0480f5c0
0110f668 00003000
0110f66c 0110f7b0
0110f670 0110d000
0110f674 00000000
0110f678 00000065
0110f67c 00003000
0110f680 0110d000
0110f684 00000000
0110f688 01010000
0110f68c 00000000
0110f690 00000004
0110f694 00060002
0110f698 00003000
0110f69c 00000000
0110f6a0 00001000
0110f6a4 00000004
0110f6a8 00020000
0110f6ac 00040004
0110f6b0 7ffe0000 SharedUserData
0110f6b4 00000000
0110f6b8 00001000
0110f6bc 00000000
0110f6c0 0480f5c0
0110f6c4 00000000
0110f6c8 04c4a000
0110f6cc 00000000
0110f6d0 000003c7
0110f6d4 00000000
0110f6d8 00023b17
0110f6dc 00000000
0110f6e0 01110000
0110f6e4 00000000
0110f6e8 0099f000
0110f6ec 00000000
0110f6f0 0110f704
0110f6f4 037469d6 DbgHelp!WriteDumpData+0×206
0110f6f8 0110f738
0110f6fc 0110f7b0
0110f700 00000000
0110f704 0110f868
0110f708 03747449 DbgHelp!MiniDumpProvideDump+0×359
0110f70c 0110f738
0110f710 0110f7b0
0110f714 02b91fb0
0110f718 00000000
0110f71c 00000000
0110f720 00000000
0110f724 02b91fb0
0110f728 00000000
0110f72c 00000000

[...]
0110ff1c 00000001
0110ff20 00000008
0110ff24 0000000a
0110ff28 33017f51 ModuleA!Run+0xde
0110ff2c 00000001
0110ff30 0110ff74
0110ff34 00f08898
0110ff38 00000000
0110ff3c 00f082a8
0110ff40 00000000
0110ff44 00000001
0110ff48 33017e33 ModuleA!ThreadProc+0×2c
0110ff4c a9b21e1e
0110ff50 00000000
0110ff54 00000000
0110ff58 00f08898
0110ff5c 0110ff4c
0110ff60 0110ffac
0110ff64 0110ff9c
0110ff68 33054245
0110ff6c 9ba52ad2
0110ff70 00000000
0110ff74 0110ffac
0110ff78 78543433 msvcr90!_endthreadex+0×44
0110ff7c 00f082a8
0110ff80 a9b2b0d3
0110ff84 00000000
0110ff88 00000000
0110ff8c 00f08898
0110ff90 0110ff80
0110ff94 0110ff80
0110ff98 0110ffdc
0110ff9c 0110ffdc
0110ffa0 7858cf5e msvcr90!_except_handler4
0110ffa4 d0f887df
0110ffa8 00000000
0110ffac 0110ffb8
0110ffb0 785434c7 msvcr90!_endthreadex+0xd8
0110ffb4 00000000
0110ffb8 0110ffec
0110ffbc 77e6482f kernel32!BaseThreadStart+0×34
0110ffc0 00f08898
0110ffc4 00000000
0110ffc8 00000000
0110ffcc 00f08898
0110ffd0 00000000
0110ffd4 0110ffc4
0110ffd8 80833bcc
0110ffdc ffffffff
0110ffe0 77e61a60 kernel32!_except_handler3
0110ffe4 77e64838 kernel32!`string′+0×98
0110ffe8 00000000
0110ffec 00000000

0110fff0 00000000
0110fff4 7854345e msvcr90!_endthreadex+0×6f
0110fff8 00f08898
0110fffc 00000000
01110000 00000130

0:002> k L=0110f650 0110f650 0110f650
ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
0110f650 0374669d 0x110f650
0110f6f0 037469d6 DbgHelp!WriteFullMemory+0x3cd
0110f704 03747449 DbgHelp!WriteDumpData+0x206
0110f868 03747662 DbgHelp!MiniDumpProvideDump+0x359
0110f8dc 33050dd9 DbgHelp!MiniDumpWriteDump+0x1b2
[...]
0110fdfc 33031726 ModuleA!WriteExceptionMiniDump+0x50
0110fea0 33018c81 ModuleA!ThreadHung+0x6c
[...]
0110ff44 33017e33 ModuleA!Run+0xde
00000000 00000000 ModuleA!ThreadProc+0x2c

⁹ http://www.dumpanalysis.org/blog/index.php/2011/06/18/stack-trace-patterns/

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Empty Stack Trace

Create new playlist

Sign In

Sign Up

Empty Stack Trace

Table of Contents for
Empty Stack Trace