I met an exception of C000001D in a crash dump.
The exception address is just a push instruction. The only strange place is what WinDBG shows the value of ebp+8.
ss:002b:002df0cc=e8ad9400
while I type “dd 002df0cc”, it’s 0094ade8.
0:000> .exr 2debcc
ExceptionAddress: 643b0d8b (zChatApp!CSBPTDataHelper::HandleSubscriptionAccepted+0x00000027)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0
0:000> .cxr 2dec1c
eax=002df094 ebx=002df1ac ecx=7178483a edx=00000000 esi=06fdda38 edi=06fdda38
eip=643b0d8b esp=002df080 ebp=002df0c4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246
zChatApp!CSBPTDataHelper::HandleSubscriptionAccepted+0x27:
643b0d8b ff7508 push dword ptr [ebp+8] ss:002b:002df0cc=e8ad9400
Overclocked hardware perhaps?
From: xxxxx@yahoo.com
Sent: 11/5/2012 14:57
To: Kernel Debugging Interest List
Subject: [windbg] Exception C000001D
I met an exception of C000001D in a crash dump.
The exception address is just a push instruction. The only strange place is what WinDBG shows the value of ebp+8.
ss:002b:002df0cc=e8ad9400
while I type “dd 002df0cc”, it’s 0094ade8.
0:000> .exr 2debcc
ExceptionAddress: 643b0d8b (zChatApp!CSBPTDataHelper::HandleSubscriptionAccepted+0x00000027)
ExceptionCode: c000001d (Illegal instruction)
ExceptionFlags: 00000000
NumberParameters: 0
0:000> .cxr 2dec1c
eax=002df094 ebx=002df1ac ecx=7178483a edx=00000000 esi=06fdda38 edi=06fdda38
eip=643b0d8b esp=002df080 ebp=002df0c4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246
zChatApp!CSBPTDataHelper::HandleSubscriptionAccepted+0x27:
643b0d8b ff7508 push dword ptr [ebp+8] ss:002b:002df0cc=e8ad9400
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
xxxxx@yahoo.com wrote:
I met an exception of C000001D in a crash dump.
The exception address is just a push instruction. The only strange place is what WinDBG shows the value of ebp+8.
ss:002b:002df0cc=e8ad9400
while I type “dd 002df0cc”, it’s 0094ade8.
Are you 100% sure? Because if you typed “db 002df0cc”, you’d expect to
see “00 94 ad e8”.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
0:000> dd 002df0cc
002df0cc 0094ade8 00000008 2ce42647 004f8670
002df0dc 06fdda38 00000001 00000000 74332134
002df0ec 74331814 070124e0 00000000 00000000
002df0fc 002df0f4 002df0f8 00000000 00000000
002df10c 002df104 002df108 00000000 00000000
002df11c 002df114 002df118 07015fe8 00000000
002df12c 00000004 002df144 74331534 00000000
002df13c 00000000 00000000 00000201 00000006
It looks weird, maybe it’s hardware issue.
Thanks for your replies.
not in front of the debugger but the stack address does not seem correct.
its not kernel address space
On Mon, Nov 5, 2012 at 5:25 PM, Tim Roberts wrote:
> xxxxx@yahoo.com wrote:
> > I met an exception of C000001D in a crash dump.
> >
> > The exception address is just a push instruction. The only strange place
> is what WinDBG shows the value of ebp+8.
> >
> > ss:002b:002df0cc=e8ad9400
> >
> > while I type “dd 002df0cc”, it’s 0094ade8.
>
> Are you 100% sure? Because if you typed “db 002df0cc”, you’d expect to
> see “00 94 ad e8”.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
It’s a user mode crash dump and generated through a SIGILL handler.