Hi,
Recently we were having a crash at a customer in a Windows Service, and the dump
collected through ADPlus shows only the last thread, which was not the thread
that was crashing. The dump was taken on the “Process Shutdown” event. I then
did live debugging and set a breakpoint on Terminate Process. There I
found that the crash was due to an invalid argument passed to a wcscpy_s call:
kernel32!TerminateProcess
Xms!_invoke_watson
Xms!wcscpy_s
Questions:
1) How can we take a dump on this type of crash using ADPlus? What type of
exceptions should we configure for ADPlus to take a dump?
2) I was trying to see the parameters from source code. Doing “uf”, I was
getting the following:
lea eax,<unloaded_rt40.dll>+0x105 (00000106)[esi]
push offset <unloaded_rt40.dll>+0x103 (00000104)
push eax
call Xms!wcscpy_s (00621385)
What is meant by the expression "offset <unloaded_rt40.dll>+0x103 (00000104)" and how do we get the memory address of variables from the expression?
3) In old Windows versions there used to be an “AeDebug” key where a debugger can be specified. In Windows 2008 R2, if the user does not have ADPlus, will the dump still be created?
If you start windbg with the ‘-I’ option, it will install it as the
postmortem debugger.
See the docs.
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, August 25, 2010 11:37 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] ADPlus configuration to Catch Invalid Arg Exception
Recently we were having a crash at a customer in a Windows Service, and the
dump collected through ADPlus shows only the last thread, which was not the
thread that was crashing.
Try using DrWatson to generate dumps and WinDbg to analyze them.