All,
Scenario:
our user mode service crashed. as a result dr watson (or what ever it is
called these days) kicked in and tried to take a dump. unfortunately, due
to an unrelated issue, the whole system hung at that point (probably some
driver hung). the dump never completed. at this point the user luckily had
the ability to take a full kernel dump.
so i have a full dump, but ofcourse windbg is incorrect it thinks this is a
system crash, but it is not. it is a hang which was manually crashed.
however, i am not interested in the kernel hang, i want to find out why my
user land service crashed.
this is a full dump and I see that all threads of my service are suspended
(probably by Werfault) and I see all threads waiting on KiDeliverAPC.
But i dont know how to proceed from this point and figure out the original
crash. further complicating the process is that fact that it is a 32 bit
service, so all threads are showing wow64 stacks.
is it possible to find the original crash any more?