I am programming in Windows 7 64 bits with VS 2013.
I already have a code which was developed in Linux 64 bits. That code is full of sprintf() functions.
Now, I run that code in Windows 64 bits, it shows alert windows.
At first, I tried sprintf, and it shows use sprintf_s. So I changed.
After change my code window shows this error.
Program : ...visual studio
2012\Project\IIS_Partial\Debug\IIS_Partial.exe
File : f\dd\vctools\crt_bld\self_x86\crt\src\vsprintf.c
Line : 233
Expression : format != NULL
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
(Press retry to debug the application)
Actually my code is made in C. Why this refers C++.
And I could even debug, because pressing the "debug" button directly goes to this error window. Are there any clues?
Thanks for reading:D
It was just a simple configuration matter.
Basically Microsoft Visual Studio 2012 is compiling as 32 bits.
So if someone want to run a source code in 64 bits, has to change options.
right click on [solution] -> [properties] -> [Configuration] -> [Configuration Manager](right upper corner of window) -> [Active Solution Platform] flow Menu -> -> upper is 'x64' and lower is 'Win32'. check the lower box.
and confirm. Now it builds in 64 bits environment.
Original Explanation from Microsoft Official site is :
http://msdn.microsoft.com/en-us/library/vstudio/9yb4317s.aspx
Related
I am trying to call functions from ntvdm.lib in Visual Studio 2019 using the Visual Studio 2017 - Windows XP (v141_XP) platform toolset, with the following defined:
#define _WIN32_WINNT 0x0501
#define i386
running dumpbin /exports on the LIB file I get the following output:
Microsoft (R) COFF/PE Dumper Version 14.29.30037.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file ntvdm.lib
File Type: LIBRARY
Exports
ordinal name
_BlockWOWIdle#4
_CurrentMonitorTeb
_DBGNotifyDebugged#4
_DBGNotifyNewTask#8
_DBGNotifyRemoteThreadAddress#8
_DispatchInterrupts#0
_Dos_Flag_Addr
_DpmiSetIncrementalAlloc#4
_ExpLdt
_FlatAddress
_GetDOSAppName#4
_InitialVdmDbgFlags
_InitialVdmTibFlags
_IsCdRomFile#4
_MGetVdmPointer#12
_RedirectLongFileName#12
_RedirectShortFileName#12
_RegisterWOWIdle#0
_ResumeTimerThread#0
_SelectorLimit
_SetShadowDescriptorEntries#8
_ShortPathEnvVar#4
_Sim32pGetVDMPointer#8
_SoftPcEoi#8
_SuspendTimerThread#0
_VDDAllocMem#12
_VDDAllocateDosHandle#12
_VDDAssociateNtHandle#12
_VDDDeInstallIOHook#12
_VDDDeInstallMemoryHook#12
_VDDDeInstallUserHook#4
_VDDExcludeMem#12
_VDDFreeMem#12
_VDDIncludeMem#12
_VDDInstallIOHook#16
_VDDInstallMemoryHook#16
_VDDInstallUserHook#20
_VDDQueryDMA#12
_VDDReleaseDosHandle#8
_VDDReleaseIrqLine#8
_VDDRequestDMA#16
_VDDReserveIrqLine#8
_VDDRetrieveNtHandle#16
_VDDSetDMA#16
_VDDSimulate16#0
_VDDTerminateVDM#0
_VdmDbgAttach#0
_VdmGetParametersInfoError#0
_VdmMapFlat#12
_VdmParametersInfo#12
_VdmTraceEvent#12
_WOWSysErrorBox#20
_WaitIfIdle#0
_call_ica_hw_interrupt#12
_cmdCheckTemp#4
_cmdCheckTempInit#0
_cpu_createthread#8
_demClientErrorEx#12
_demFileDelete#4
_demFileFindFirst#12
_demFileFindNext#4
_demGetFileTimeByHandle_WOW#4
_demGetPhysicalDriveType#4
_demIsShortPathName#8
_demLFNCleanup#0
_demLFNGetCurrentDirectory#8
_demSetCurrentDirectoryGetDrive#8
_demWOWLFNAllocateSearchHandle#4
_demWOWLFNCloseSearchHandle#4
_demWOWLFNEntry#4
_demWOWLFNGetSearchHandle#4
_demWOWLFNInit#4
_fSeparateWow
_getAF#0
_getAH#0
_getAL#0
_getAX#0
_getBH#0
_getBL#0
_getBP#0
_getBX#0
_getCF#0
_getCH#0
_getCL#0
_getCS#0
_getCX#0
_getDF#0
_getDH#0
_getDI#0
_getDL#0
_getDS#0
_getDX#0
_getEAX#0
_getEBP#0
_getEBX#0
_getECX#0
_getEDI#0
_getEDX#0
_getEFLAGS#0
_getEIP#0
_getES#0
_getESI#0
_getESP#0
_getFS#0
_getGS#0
_getIF#0
_getIP#0
_getIntelRegistersPointer#0
_getMSW#0
_getOF#0
_getPF#0
_getSF#0
_getSI#0
_getSP#0
_getSS#0
_getZF#0
_host_CreateThread#24
_host_ExitThread#4
_host_com_close#4
_host_direct_access_error#4
_host_simulate#0
_pDeviceChain
_setAF#4
_setAH#4
_setAL#4
_setAX#4
_setBH#4
_setBL#4
_setBP#4
_setBX#4
_setCF#4
_setCH#4
_setCL#4
_setCS#4
_setCX#4
_setDF#4
_setDH#4
_setDI#4
_setDL#4
_setDS#4
_setDX#4
_setEAX#4
_setEBP#4
_setEBX#4
_setECX#4
_setEDI#4
_setEDX#4
_setEFLAGS#4
_setEIP#4
_setES#4
_setESI#4
_setESP#4
_setFS#4
_setGS#4
_setIF#4
_setIP#4
_setMSW#4
_setOF#4
_setPF#4
_setSF#4
_setSI#4
_setSP#4
_setSS#4
_setZF#4
Summary
BD .debug$S
14 .idata$2
14 .idata$3
4 .idata$4
4 .idata$5
A .idata$6
The function definition I'm trying to call in VDDSVC.h is:
#define GetVDMPointer(Address, Size, Mode) Sim32GetVDMPointer(\
Address, Size, Mode)
However visual studio error is:
Error LNK2019 unresolved external symbol _MGetVdmPointer referenced in function _VddDispatch
_MGetVdmPointer is in the lib file but referenced as _MGetVdmPointer#12
I reviewed the options here but couldn't determine which one might apply in my scenario https://learn.microsoft.com/en-us/cpp/error-messages/tool-errors/linker-tools-error-lnk2019?view=msvc-170
In Linker -> General -> Show Progress I tried setting /VERBOSE although no additional information was generated in the logs
I tried changing calling convention to "__stdcall" in C/C++ -> Advanced Calling Convention
I've tried changing files from .C to .CPP although get similar error (Although the symbol looked for is a c++ mangled style name)
The issue was calling convention needs to be modified to "__stdcall" in C/C++ -> Advanced Calling Convention
Which I had tried, however Visual Studio 2019 project properties was defaulting to configuration for "Release" build and not the current build type "Debug(Active)" which effectively made my initial change of that setting ineffective.
As suggested in comments by IInspectable:
When changing global project properties, always make sure the "Configuration" is set to "All Configurations" and "Platform" is set to "All Platforms"
I've just started diving into driver related stuffs as what I want to do (cf. here) seems undoable with a "regular" application. For now, I'm just trying to install a Kernel Mode Driver (KMDF) as an upper filter for the mouse I want to modify the behaviour. The source files are not empty as they are filled in according to the Visual Studio KMDF template. The only modification I did so far in those source files was adding those two lines of code in the CreateDevice routine :
WdfFdoInitSetFilter(DeviceInit);
WdfDeviceInitSetDeviceType(DeviceInit, FILE_DEVICE_MOUSE);
to specify that the driver is a mouse filter driver.
However, I'm having trouble to install it as I would like on my virtual machine. Here is the INF file (don't pay too much attention to the comments, I just added them to better understand what's going on as it's the first time I'm confronted to such a file):
;
; EGMC_filter.inf
;
[Version]
Signature="$WINDOWS NT$" ;Operating system for which the INF file is valid
Class=Mouse ; The class is mouse
ClassGuid={4d36e96f-e325-11ce-bfc1-08002be10318} ; Mouse class GUID
Provider=%ManufacturerName% ; is specified in the Strings section (bottom of this file)
CatalogFile=EGMC_filter.cat ; for signature
DriverVer= ; TODO: set DriverVer in stampinf property pages
; The DestinationDirs section specifies the target destination directory for all copy, delete and/or rename operations
; on files referenced by name elsewhere in the INF file
[DestinationDirs]
DefaultDestDir = 12 ; directory is \Drivers on WinNT platforms
EGMC_filter_Device_CoInstaller_CopyFiles = 11 ; Directory is \system32 on WinNt platforms
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
EGMC_filter.sys = 1,,
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
;*****************************************
; Install Section
;*****************************************
[Manufacturer] ; This section is used to list all devices handled by the driver
%ManufacturerName%=Standard,NT$ARCH$ ;stands for architecture. Is modified depending on x64 or x86
[Standard.NT$ARCH$] ; This is a model section
%EGMC_filter.DeviceDesc%=EGMC_filter_Device, USB\VID_093A&PID_2510; Specifying the Hardware ID for which to install the driver. No revision nb specified
[EGMC_filter_Device.NT] ; This is a DDInstall section
CopyFiles=Drivers_Dir ; CopyFiles directive that specify a copyfiles section (Drivers_Dir)
AddReg=EGMC_filter.AddReg
[EGMC_filter.AddReg]
HKR,,"UpperFilters",0x0010008,"EGMC_filter" ; REG_MULTI_SZ value
[Drivers_Dir] ; This is a CopyFile section.
EGMC_filter.sys ; All the files in this section are copied to the specified directory in the DestinationDirs section.
;-------------- Service installation
[EGMC_filter_Device.NT.Services]
AddService = EGMC_filter,%SPSVCINST_ASSOCSERVICE%, EGMC_filter_Service_Inst ; create a service installation section
; -------------- EGMC_filter driver install sections
[EGMC_filter_Service_Inst]
DisplayName = %EGMC_filter.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\EGMC_filter.sys ; create a value in the registry with the fully qualified path of the driver's file
;
;--- EGMC_filter_Device Coinstaller installation ------
;
[EGMC_filter_Device.NT.CoInstallers]
AddReg=EGMC_filter_Device_CoInstaller_AddReg ;Add a registry section
CopyFiles=EGMC_filter_Device_CoInstaller_CopyFiles
[EGMC_filter_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
[EGMC_filter_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[EGMC_filter_Device.NT.Wdf]
KmdfService = EGMC_filter, EGMC_filter_wdfsect
[EGMC_filter_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="EGMC" ; My manufacturer name
ClassName="Mouse" ; ClassName of the device
DiskName = "EGMC_filter Installation Disk" ; the disk name. DON'T KNOW WHERE IT COMES FROM !!!
EGMC_filter.DeviceDesc = "EGMC Filter Device"
EGMC_filter.SVCDESC = "EGMC_filter Service"
I'm trying to install my driver in a virtual machine running Windows 10. The VM is configured to support USB 2.0 and I've added a USB device filter in order for the VM to detect my particular mouse (otherwise, the VM couldn't distinguish the different mice connected).
First I tried deploying it via Visual Studio using the "Install/Reinstall and Verify" option in the project properties (configuration properties -> Driver Install -> Deployment). Note that remove previous driver versions before deployment is selected.
It didn't work and I got the following error messages :
[17:32:01:625]: ERROR: Task "Default Driver Package Installation Task" failed to complete successfully. Look at the logs in the driver test group explorer for more details on the failure.
[17:32:02:348]: Driver Post Install Actions
[17:32:02:348]: Removing any existing files from test execution folder.
[17:32:02:375]: Copying required files for "Driver Post Install Actions".
[17:32:02:934]: [Driver Post Install Actions] Command Line:
$KitRoot$\Testing\Runtimes\TAEF\te.exe "%SystemDrive%\DriverTest\Run\DriverTestTasks.dll" /select:"#Name='DriverTestTasks::_DriverPostInstall'" /rebootStateFile:%SystemDrive%\DriverTest\Run\DriverTestReboot.xml /enableWttLogging /wttDeviceString:$LogFile:file="%SystemDrive%\DriverTest\Run\Driver_Post_Install_Actions_00011.wtl",writemode=append,encoding=unicode,nofscache=true,EnableLvl="WexStartTest|WexEndTest|WexXml|WexProperty|WexCreateContext|WexCloseContext|*" /runas:Elevated
[17:32:05:387]: Result Summary: Total=1, Passed=1, Failed=0, Blocked=0, Warned=0, Skipped=0
[17:32:05:388]: Task "Driver Post Install Actions" completed successfully
Driver Deployment Task Failed: Default Driver Package Installation Task
It may sound stupid but I was unable to locate the logs in the driver test group explorer to get more info about the error.
Secondly, I tried using the "Hardware ID Driver" option instead of the "Install/Reinstall and Verify" one with the following Hardware ID "USB\VID_093A&PID_2510" (same as the one specified in the INF). It worked this time. However, I'm not sure to understand exactly why. So now that you got a better picture of what I'm doing, here are my questions :
1) I did understand that the SourceDisksNames section is used to specify the name of a disk (CD-rom, DVD) containing the .sys file of the driver. However, I don't understand how to install a driver from such a disk practically. Imagine I buy a specific hardware and it comes with a CD with the corresponding driver files. Once the CD is in the player, what should I do ? Should I run the INF file in order to install it ? From what I remember the only time I had to install a driver from a disk it was a .exe file.
2) What if I want to release my driver package via Internet ? What's the point of this section then ?
3) By default when I created the project, VS filled the disk name with "EGMC_filter Installation Disk". What does it correspond to ? Should I modify it ?
4) I don't understand how the deployment process works. I guess that VS first transfers the driver package (containing the .INF, .cat and .sys) to the VM and then launches the .INF file in the VM. Is that right ? If yes, what does the DiskName correspond to in the VM ? Does VS create some kind of ISO containing the package ? Where can I find where the package is stored in the VM ?
5) Does the deployment process differ when using the "Hardware ID Driver Update" and the "Install/Reinstall […]" options ?
6) Any idea why I can't install my driver using the "Install/Reinstall and Verify" option ? What's wrong with the INF file ? Has it something to do with the Disk name ?
7) Despite having read this page, I'm confused about why I can deploy my driver with the "Hardware ID" option considering that I didn't respect the form Root\xxx (I saw this page afterwards). However, it seems clear that for what I want to do, I must install my driver using the other option. Any idea why it still seems to work (at least partially) ?
8) After the "incorrect" installation is completed, a "EGMC Filter Device" entry is added to the Device Manager under Mice and other pointer devices even when the mouse of interest is unplugged. Why is this ? When I plug it, another entry appears.
9) When my driver is installed, the mouse doesn't work anymore (it doesn't even light up !). However, as the upper filter doesn't do anything for now, the mouse should work normally. The only explanation I've found so far is that the driver is installed as a function driver and not as a filter one. Could it be the case ? In the registry of the VM, I'm unable to find the UpperFilters keys with the "EGMC_filter" value in the section "Ordinateur\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4d36e96f-e325-11ce-bfc1-08002be10318}". The only one I found is : "UpperFilters : VboxMouse mouclass". It comforts me in my idea that the driver is installed as a function one… Could the VM interferes with my driver ?
10) The driver details of the mouse of interest (left) and the regular one (right) also confuse me as the mouhid is missing from the former.
11) Lastly, what's the point of specifying in the driver code that it's a filter driver ? What does it change concretely ?
I know it's a long post and that I'm asking quite specific questions but I hope you won't mind and hopefully some experts right there will be able to answer them.
I'm looking forward to your replies.
Guillaume.
I know there are multiple questions regarding this subject, but they did not help.
When trying to compile, whatever, I keep getting the same error:
arm-none-eabi-gcc.exe: error: CreateProcess: No such file or directory
I guess it means that it can not find the compiler.
I have tried tweaking the path settings
C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\nxp\LPCXpresso_7.6.2
326\lpcxpresso\tools\bin;
Seems to be right?
I have tried using Sysinternals process monitor
I can see that a lot of arm-none-eabi-gcc.exe are getting a result of name not found but there are a lot of successful results too.
I have also tried reinstalling the compiler and the LPCXpresso, no luck.
If i type arm-none-eabi-gcc -v i get the version, so it means its working
but when i am trying to compile in CMD like this arm-none-eabi-gcc led.c
i get the same error as stated above
arm-none-eabi-gcc.exe: error: CreateProcess: No such file or directory
Tried playing around more with PATH in enviroments, no luck. I feel like something is stopping LPCXpresso from finding the compiler
The only Antivirus this computer has is Avira and i disabled it. I also allowed compiler and LPCXpresso through the firewall
I have tried some more things, i will add it shortly after trying to duplicate the test.
It seems your problem is a happy mess with Vista and GCC. Long story short, a CRT function, access, has a different behavior on Windows and Linux. This difference is actually mentioned on Microsoft documentation, but the GCC folks didn't notice. This leads to a bug on Vista because this version of Windows is more strict on this point.
This bug is mentioned here : https://gcc.gnu.org/bugzilla/show_bug.cgi?id=33281
I have no proof that your problem comes from here, but the chances are good.
The solutions :
Do not use Vista
Recompile arm-none-eabi-gcc.exe with the flag -D__USE_MINGW_ACCESS
Patch arm-none-eabi-gcc.exe
The 3rd is the easiest, but it's a bit tricky. The goal is to hijack the access function and add an instruction to prevent undesired behavior. To patch your gcc, you have two solutions : you upload your .exe and I patch it for you, or I give you the instructions to patch it yourself. (I can also patch it for you, then give the instructions if it works). The patching isn't really hard and doesn't require advanced knowledge, but you must be rigorous.
As I said, I don't have this problem myself, so I don't know if my solution really works. The patch seems to be working for this problem.
EDIT2:
The exact problem is that the linux access have a parameter flag to check whether a file is executable. The Windows access cannot check for this. The behavior of most Windows versions is just to ignore this flag, and check if the file exists instead, which will usually give the same behavior. The problem is that Vista doesn't ignore this, and whenever the access is used to check for executability, it will return an error. This lead to GCC programs to think that some executables are not here. The patch induced by -D__USE_MINGW_ACCESS, or done manually, is to delete the flag when access is called, thus checking for existence instead just like other Windows versions.
EDIT:
The patching is actually needed for every GCC program that invokes other executables, and not only gcc.exe. So far there is only gcc.exe and collect2.exe.
Here are the patching instruction :
Backup your arm-none-eabi-gcc.exe.
Download and install CFF Explorer (direct link here).
Open arm-none-eabi-gcc.exe with CFF Explorer.
On the left panel, click on Import Directory.
In the module list that appears, click on the msvcrt.dll line.
In the import list that appears, find _access. Be careful here, the list is long, and there are multiple _access entries. The last one (the very last entry for me) is probably the good one.
When you click on the _access line, an address should appear on the list header, in the 2nd column 2nd row, just below FTs(IAT). Write down that address on notepad (for me, it is 00180948, it may be different). I will refer to this address as F.
On the left panel, click on Address Converter.
Three fields should appear, enter address F in the File Offset field.
Write down on notepad a 6 bytes value : the first two bytes are FF 25, the last 4 are the address that appeared in the VA field, IN REVERSE. For example, if 00586548 appeared in the VA field, write down FF 25 48 65 58 00 (spaces added for legibility). I will refer to this value as J. This value J is the instruction that jumps to the _access function.
On the left panel, click on Section Headers.
In the section list that appeared on the right, click on the .text line (the .text section is where the code resides).
In the editor panel that appeared below, click on the magnifier and, in the Hex search bar, search for a series of 11 90 (9090909090..., 90 is NOP in assembly). This is to find a code cave (unused space) to insert the patch, which is 11 bytes long. Once you found a code cave, write down the offset of the first 90. The exact offset is displayed on the very bottom as Pos : xxxxxxxx. I will refer to this offset as C.
Use the editor to change the sequence of 11 90 : the first 5 bytes are 80 64 E4 08 06. These 5 bytes are the instruction that prevents the wrong behavior. The last 6 bytes are the value J (edit the next 6 bytes to J, ex. FF 25 48 65 58 00), to jump back to the _access function.
Click on the arrow icon (Go To Offset) a bit below, and enter 0, to navigate to the beginning of the file.
Use the Hex search bar again to search for value J. If you find the bytes you just modified, skip. The J value you need is located around many value containing FF 25 and 90 90. That is the DLL jump table. Write down the offset of the value J you found (offset of the first byte, FF). I will refer to this offset as S. Note 1: If you can't find the value, maybe you picked the wrong _access in step 6, or did something wrong between step 6 to 10. Note 2: The search bar doesn't loop when it hit the end; go to offset 0 manually to re-find.
Use a hexadecimal 32-bit 2-complement calculator (like this one : calc.penjee.com) to calculate C - S - 5. If your offset C is 8C0 and your offset S is 6D810, you must obtain FF F9 30 AB (8C0 minus 6D810, minus 5).
Replace the value J you found in the file (at step 16) by 5 bytes : the first byte is E9, the last 4 are the result of the last operation, IN REVERSE. If you obtained FF F9 30 AB, you must replace the value J (ex: FF 25 48 65 58 00) by E9 AB 30 F9 FF. The 6th byte of J can be left untouched. These 5 bytes are the jump to the patch.
File -> Save
Notes : You should have modified a total of 16 bytes. If the patched program crash, you did something wrong. Even if it doesn't work, this patch can't induce a crash.
Let me know if you have difficulties somewhere.
I'm writing a windows (MS) application to get the name of the process of the active window.
On a desktop PC running 32-bit Windows XP Professional the application runs as expected. But on a laptop machine with a 64-bit Windows 7 Professional OS the does not work as expected. For certain processes an invalid handle is returned. I get the same results on an ultrabook running Windows 8.1 64-bit.
The relevant code snippet is as follows:
DWORD dwThreadID, dwProcessID;
GUITHREADINFO gti;
HANDLE hProcess;
char szProcessFileName[MAX_PATH] = {0};
gti.cbSize = sizeof(GUITHREADINFO);
GetGUIThreadInfo(0, >i);
dwThreadID = GetWindowThreadProcessId(gti.hwndActive, &dwProcessID);
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessID);
// Get the name of the process (no error checking for brevity)
GetModuleFileNameEx(hProcess, NULL, szProcessFileName, MAX_PATH);
When the application runs in the non-Windows XP OSes, as stated above, for certain processes OpenProcess and GetModuleFileNameEx fail. GetModuleFileNameEx typically fails with ERROR_PARTIAL_COPY (error code: 299) or ERROR_INVALID_PARAMETER (error code: 87) whereas OpenProcess fails with ERROR_INVALID_HANDLE (error code: 6)
Not sure what's going on. Any help is greatly appreciated. I wonder if it has to do with user permissions.
The source code is compiled as a 32-bit application on a 64-bit machine running Windows 7 Pro x64.
It's a bit of a long read but try... this for starters.
If you are running on XP or above, the recommended workaround to get at the 64-bit process image path from a 32-bit process, is to use the newer GetProcessImageFileName which gets the path (via ProcessImageFileName (27) process information class of NtQueryInformationProcess). The wow64 layer does not do much this time because it is just a unicode string. However this function has a downside – the path returned is of the form /Device/HarddiskVolumeX instead of DOS style drive letter based paths.
Note how the one error was trying to tell you that only 32-bits of a 64-bit address was copied into your pointer. The article describes it better than I can.
I'm pretty new to using WinDbg, but recently my application started having issues, but only on Windows 7 machines (it runs fine the first time the PC is started but crashes or just disappears silently each time after).
I got the mdmp file, but find myself somewhat lacking on how best to extract the data I need from it. I got the following analysis (might be doing it wrong)...
Can anyone hopefully help shed some light on my issue or if I'm running the analysis incorrectly:
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/Star_exe/1_0_0_0/4dbad268/KERNELBASE_dll/6_1_7600_16385/4a5bdaae/e0434352/00009617.htm?Retriage=1
FAULTING_IP:
KERNELBASE!RaiseException+58
752d9617 c9 leave
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 752d9617 (KERNELBASE!RaiseException+0x00000058)
ExceptionCode: e0434352 (CLR exception)
ExceptionFlags: 00000001
NumberParameters: 5
Parameter[0]: 80070002
Parameter[1]: 00000000
Parameter[2]: 00000000
Parameter[3]: 00000000
Parameter[4]: 57af0000
PROCESS_NAME: Star.exe
ERROR_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>
EXCEPTION_PARAMETER1: 80070002
EXCEPTION_PARAMETER2: 00000000
EXCEPTION_PARAMETER3: 00000000
EXCEPTION_PARAMETER4: 0
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK: !dumpstack -EE
No export dumpstack found
MANAGED_BITNESS_MISMATCH:
Managed code needs matching platform of sos.dll for proper analysis. Use 'x86' debugger.
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 57c03970 to 752d9617
FAULTING_THREAD: ffffffff
DEFAULT_BUCKET_ID: STACKIMMUNE
PRIMARY_PROBLEM_CLASS: STACKIMMUNE
BUGCHECK_STR: APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION_WRONG_SYMBOLS
STACK_TEXT:
00000000 00000000 star.exe+0x0
SYMBOL_NAME: star.exe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: star
IMAGE_NAME: Star.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4dbad268
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: STACKIMMUNE_e0434352_Star.exe!Unknown
BUCKET_ID: APPLICATION_FAULT_STACKIMMUNE_NOSOS_CLR_EXCEPTION_WRONG_SYMBOLS_star.exe
FOLLOWUP_IP: *** WARNING: Unable to verify timestamp for Star.exe
Star!.ctor+0 [C:\Users\Aj\Documents\Visual Studio 2010\Projects\Star\Star\ViewModels\ViewModelBase.cs # 22]
00360000 ?? ???
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/Star_exe/1_0_0_0/4dbad268/KERNELBASE_dll/6_1_7600_16385/4a5bdaae/e0434352/00009617.htm?Retriage=1
Followup: MachineOwner
---------
You may want to use this article as a starting point: SOS: It's Not Just an ABBA Song Anymore
It looks like your application is a .NET application, make sure you've got the right .NET Framework installed. When you load the sos.dll file into windbg, you may have to provide a full path. Also, you can set up access to the public microsoft symbol servers to help with some of your stack tracing. This article may help: Debugging Tools and Symbols: Getting Started. Make sure you've got the latest version of the debugging tools.
!analyze will give you some information about the fault, but not too much else. You should look at the first article to see what else is going on.
Posting some information about your application will also help people see if you are having a similar issue.
It looks like the fault is happening in your ViewModelBase.cs file. You may want to add some logging (using log4net or similar tool) to catch the exception and print out the stack trace. You can also hook into AppDomain.CurrentDomain.UnhandledException event (or the Application.DispatcherUnhandledException event for WPF applications) to catch anything that's getting thrown and printing out something to a log file. In this case, you won't need to resort to WinDbg to figure out what's going on.
Well after several weeks of searching (maybe more), it turns out that when using Trend Micro Corporate, XP to Server 2003 is fine, Vista and Windows 7 to 2003 is fine, and even XP/Vista to server 2008 is fine, but (and I have no idea why), when using Windows 7 and trying to run a network application using a UNC path in the shortcut, it blocks certain pieces of the network traffic for that application, and it does so sporadically and what seems to be without any sound logic. I can't say why as we never quite figured out what exactly the catalyst was for setting off Trend, but I do know that when we disabled Trend, all was back to normal (something I wished we tried sooner). We found that by mapping a drive to our share and changing our shortcuts on our users workstations to use the mapped drive rather than a UNC path, the issue was averted.
Hopefully no one else runs into this problem, but if they do, this will perhaps shed some light on the issue.
Thank you!
Aj