- how to find which process windbg tried to attach to in this error msg
- why it couldnt attach and
- how can i force attach to it if need be ??
i see some occasional msg by the AeDebugger (windbg ) like this
cannot debug pid XXXXX ntstatus 0xc000010a
lkd> !error 0xc000010a
Error code: (NTSTATUS) 0xc000010a (3221225738) - An attempt was made
to duplicate an object handle into or out of an exiting process.
how to find what process caused this ?? if i click ok on the
messagebox windbg simply quits
i opened lkd on such instance and i list the process
lkd> .tlist -v wind*
0n2068 windbg.exe
Session: 0 User: MC\Admin Command Line:
“F:\windbg\612windbg\windbg.exe” -p 2652 -e 444 -g
0n2064 windbg.exe
Session: 0 User: MC\Admin Command Line:
“F:\windbg\612windbg\windbg.exe” -p 2652 -e 684 -g
0n1528 windbg.exe
Session: 0 User: MC\Admin Command Line:
“F:\windbg\612windbg\windbg.exe” -kl -Q
i see windbg is trying to attach to pid 2652 in this case
i also see -e 444 and -684
windbg help file says e is used to call debugger programatically ?
{quote}
-e Event
Signals the debugger that the specified event has occurred. This
option is only used when starting the debugger programmatically.
{/quote}
dumping the process details of windbg does not give a coherant stack
lkd> !process 0n2068 f
Searching for Process with Cid == 814
Cid handle table at e3d24000 with 559 entries in use
PROCESS 865b1828 SessionId: 0 Cid: 0814 Peb: 7ffdb000 ParentCid: 0a5c
DirBase: 0fdc0420 ObjectTable: e114a4d0 HandleCount: 67.
Image: windbg.exe
VadRoot 85f91888 Vads 71 Clone 0 Private 276. Modified 19. Locked 0.
DeviceMap e2de19b0
Token e1614b20
ElapsedTime 00:24:30.984
UserTime 00:00:00.031
a9836cc8 80500cf0 nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])
a9836cd4 804f9d72 nt!KiSwapThread+0x46 (FPO: [0,0,0])
a9836cfc bf802f45 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
WARNING: Frame IP not in any known module. Following frames may be wrong.
a9836d5c 8053d658 0xbf802f45
a9836d5c 0000003b nt!KiFastCallEntry+0xf8 (FPO: [0,0]
TrapFrame @ a9836d4c)
00000001 00000000 0x3b
doing a .process and listing the modules dont show any module that
windbg is trying to attach
lkd> .process /p /r 865b1828
Implicit process is now 865b1828
Loading User Symbols
…WARNING: Loader 001a1f18 timestamp 00000000 != header timestamp 49c4f482
…
lkd> lm
start end module name
01000000 01097000 windbg (deferred)
02000000 0239b000 dbgeng (deferred)
03000000 03141000 dbghelp (deferred)
4b400000 4b486000 MSFTEDIT (deferred)
the only thing that looks odd is the current directory in !peb
CurrentDirectory: 'C:\Documents and
Settings\LocalService\Application Data\ZTE_CDMA_1X'
WindowTitle: ‘F:\windbg\612windbg\windbg.exe’
ImageFile: ‘F:\windbg\612windbg\windbg.exe’
CommandLine: ‘“F:\windbg\612windbg\windbg.exe” -p 2652 -e 444 -g’
that dir doesnt sem to contain any exe
lkd> .shell dir "C:\Documents and Settings\LocalService\Application
Data\ZTE_CDMA_1X"
<.shell waiting 1 second(s) for process>
Volume in drive C has no label.
Volume Serial Number is 9836-92E3
Directory of C:\Documents and Settings\LocalService\Application
Data\ZTE_CDMA_1X
05/11/2011 09:09
.05/11/2011 09:09 ..
12/11/2011 23:37 287 Config.ini
05/11/2011 09:09 157 plot.log
2 File(s) 444 bytes
2 Dir(s) 5,963,878,400 bytes free
.shell: Process exited
Press ENTER to continue
<.shell waiting 1 second(s) for process>
<.shell process may need input>
how can i eke out the process name that windbg was trying to attach to ?
and how to find out what event was signaled ?? that shows up in windbg
command line ?
1) what exe exited ?
2)why windbg wanted to catch it ?
3) and why it couldnt catch it ?
befor closing down the instance i have made a dump using
ntsd -pv -p 2068 -c ".dump /ma windbgdump.dmp;"
0:000> !analyze ;du 01071f80; du 01076280
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/windbg_exe/6_12_2_633/unknown/0_0_0_0/00000000.htm?Retriage=1
Probably caused by : windbg.exe ( windbg!TextMsgBox+78 )
Followup: MachineOwner
---------
01071f80 "Could not attach to process 2652"
01071fc0 ", NTSTATUS 0xC000010A..An attemp"
01072000 "t was made to duplicate an objec"
01072040 "t handle into or out of an exiti"
01072080 "ng process."
01076280 "WinDbg:6.12.0002.633 X86 "