Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I get a lot of funky output:

RetAddr : Args to Child : Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction2 00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000000000000 : 0x2ad368 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000 cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare VM running Windows Vista x64, SP1.

Thanks!
-Jeff

Here is more. It appears to definitely be something to do with my PDBs as the Microsoft ones from the symbol server look correct…

Child-SP RetAddr : Args to Child : Call Site

00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78 000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab0d28 07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe 000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc 0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8 000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8 cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc 0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000 cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 000000000750dac0 00000001800247f0 : 0xcccccccc00000000 10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0 00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0 0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc 12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60 000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78 cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab09a8 1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc 1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc 1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc 0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680 000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe 21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f 0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760 0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc 23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827 00000000052f62b4 0000000000000400 : 0x7a99680 24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827 00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf 25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90 000007fefdb43a50 000007fefdb426d8 : OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60 26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798 0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b 27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000 0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a 28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000 0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e 29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534 00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d 2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0 0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb 2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534 0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f 2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000 0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91 2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0 000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193 2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400 0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407 2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000 00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85 30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818 0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29 31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc 0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa 32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8 0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad 33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500 000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389 34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000 0000000000000000 0000000003440880 : IEFRAME!CBrowserFrame::FrameMessagePump+0x411 35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801 00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d 36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98 37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df 38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd 39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I get a lot of funky output:

RetAddr : Args to Child : Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction2 00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000000000000 : 0x2ad368 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000 cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Guess for the day - are you using ‘Edit and Continue’ with VS?

If so, I would try disabling that.

Good luck,

mm

I just checked and everything is compiled with /Zi, which is just “Program database”.

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@evitechnology.com
Sent: Monday, June 22, 2009 3:59 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Guess for the day - are you using ‘Edit and Continue’ with VS?

If so, I would try disabling that.

Good luck,

mm


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

You should just use k instead of kv on amd64 as that is completely unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This can be problematic in kd because of things becoming paged out.

  • If part of the loaded module list is paged out, or you did not load user mode symbols beforehand, then the debugger won’t have a binary for a given frame’s RIP and unwinding will break* because no unwind metadata can be found.
  • If symbols cannot be loaded and the unwind metadata for a binary is paged out (not uncommon), then unwinding will break* because no unwind metadata can be found.
  • If you don’t have symbol load notifications enabled (or otherwise weren’t there to get the notification at the time a particular binary was loaded), and the image headers are paged out, then the debugger won’t be able to get unwind metadata and unwinding will break*.
  • If the caller was JIT’d code, then unwinding will break* in kernel mode as the kernel debugger doesn’t support loading the JIT unwind helper DLL (AFAIK).

*: I believe the debugger will treat these scenarios according to the specification for a leaf function on amd64. This is going to be incorrect for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your first example), or mydll!myfunc3 000000000750d9e8 (your second example), neither of which the debugger has associated with a loaded module. That means the debugger probably gets lost at those respective frames because it can’t access the unwind table for those functions.

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as the Microsoft ones from the symbol server look correct…

Child-SP RetAddr : Args to Child : Call Site

00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78 000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab0d28 07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe 000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc 0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8 000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8 cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc 0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000 cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 000000000750dac0 00000001800247f0 : 0xcccccccc00000000 10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0 00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0 0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc 12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60 000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78 cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab09a8 1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc 1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc 1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc 0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680 000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe 21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f 0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760 0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc 23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827 00000000052f62b4 0000000000000400 : 0x7a99680 24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827 00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf 25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90 000007fefdb43a50 000007fefdb426d8 : OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60 26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798 0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b 27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000 0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a 28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000 0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e 29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534 00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d 2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0 0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb 2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534 0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f 2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000 0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91 2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0 000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193 2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400 0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407 2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000 00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85 30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818 0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29 31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc 0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa 32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8 0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad 33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500 000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389 34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000 0000000000000000 0000000003440880 : IEFRAME!CBrowserFrame::FrameMessagePump+0x411 35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801 00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d 36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98 37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df 38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd 39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I get a lot of funky output:

RetAddr : Args to Child : Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction2 00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000000000000 : 0x2ad368 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000 cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Hmmm, well those ideas make sense, but this always happens, it isn’t a part time thing. As I step through a function the stack changes, sometimes displaying more or less levels.

How do I make sure symbol load notification is on?

Also if I do this:

Kd> k
Child-SP RetAddr Call Site
000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
000000000b29d698 0000000000000000 0x2a0f360

kd> u 2a0f360
0000000002a0f360 0000 add byte ptr [rax],al 0000000002a0f362 0000 add byte ptr [rax],al
0000000002a0f364 0000 add byte ptr [rax],al 0000000002a0f366 0000 add byte ptr [rax],al

It’s pretty obvious that isn’t the actual return address. It looks like the PDBs aren’t matching the stack properly, but they are the correct PDBs.

It’s also worth pointing out my host machine is x86 hosting an x64 VM. So I am running Windbg x86.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Monday, June 22, 2009 4:22 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

You should just use k instead of kv on amd64 as that is completely unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This can be problematic in kd because of things becoming paged out.

  • If part of the loaded module list is paged out, or you did not load user mode symbols beforehand, then the debugger won’t have a binary for a given frame’s RIP and unwinding will break* because no unwind metadata can be found.
  • If symbols cannot be loaded and the unwind metadata for a binary is paged out (not uncommon), then unwinding will break* because no unwind metadata can be found.
  • If you don’t have symbol load notifications enabled (or otherwise weren’t there to get the notification at the time a particular binary was loaded), and the image headers are paged out, then the debugger won’t be able to get unwind metadata and unwinding will break*.
  • If the caller was JIT’d code, then unwinding will break* in kernel mode as the kernel debugger doesn’t support loading the JIT unwind helper DLL (AFAIK).

*: I believe the debugger will treat these scenarios according to the specification for a leaf function on amd64. This is going to be incorrect for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your first example), or mydll!myfunc3 000000000750d9e8 (your second example), neither of which the debugger has associated with a loaded module. That means the debugger probably gets lost at those respective frames because it can’t access the unwind table for those functions.

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as the Microsoft ones from the symbol server look correct…

Child-SP RetAddr : Args to Child : Call Site

00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78 000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc 00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab0d28 07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe 000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc 0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8 000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8 cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc 0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000 cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 000000000750dac0 00000001800247f0 : 0xcccccccc00000000 10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0 00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0 0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc 12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60 000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78 cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0x7ab09a8 1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc 1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc 1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc 0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680 000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe 21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f 0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760 0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc 23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827 00000000052f62b4 0000000000000400 : 0x7a99680 24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827 00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf 25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90 000007fefdb43a50 000007fefdb426d8 : OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60 26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798 0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b 27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000 0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a 28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000 0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e 29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534 00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d 2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0 0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb 2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534 0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f 2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000 0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91 2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0 000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193 2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400 0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407 2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000 00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85 30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818 0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29 31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc 0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa 32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8 0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad 33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500 000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389 34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000 0000000000000000 0000000003440880 : IEFRAME!CBrowserFrame::FrameMessagePump+0x411 35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801 00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d 36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98 37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df 38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd 39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I get a lot of funky output:

RetAddr : Args to Child : Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction2 00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc 0000000000000000 : 0x2ad368 cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000 cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc 0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your <br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8 <br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000 <br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0 <br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60 <br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe <br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc <br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f <br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827 <br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827 <br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90 <br>000007fefdb43a50 000007fefdb426d8 : <br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798 <br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000 <br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000 <br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534 <br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0 <br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534 <br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000 <br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0 <br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400 <br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000 <br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818 <br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc <br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8 <br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500 <br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000 <br>0000000000000000 0000000003440880 : <br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801 <br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000 <br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com <br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I <br>get a lot of funky output:<br><br>RetAddr : Args to Child <br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc <br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001`800515f0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 4:53 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your <br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8 <br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000 <br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0 <br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60 <br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe <br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc <br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f <br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827 <br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827 <br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90 <br>000007fefdb43a50 000007fefdb426d8 : <br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798 <br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000 <br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000 <br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534 <br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0 <br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534 <br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000 <br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0 <br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400 <br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000 <br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818 <br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc <br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8 <br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500 <br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000 <br>0000000000000000 0000000003440880 : <br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801 <br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000 <br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000 <br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com <br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I <br>get a lot of funky output:<br><br>RetAddr : Args to Child <br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc <br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc <br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

What does the prolog of the routine look like? Does it make any stack
adjustments (pushes, sub rsp, etc)?

Also, if you run the code under the VS2008 debugger do you get a reasonable
call stack?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Jeff Curless” wrote in message news:xxxxx@windbg…
No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001800515f0<br><br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com <br>[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone<br>Sent: Monday, June 22, 2009 4:53 PM<br>To: Kernel Debugging Interest List<br>Subject: Re:[windbg] Weird stack<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>&gt;You should just use k instead of kv on amd64 as that is completely<br>&gt;unreadable.<br><br>It's important to have a really wide monitor when dealing with x64 dumps :)<br><br>I'm also entirely addicted to "kc" now, which shows a much more reasonable<br>call stack:<br><br>0: kd&gt; kc<br>Call Site<br>intelppm!C1Halt<br>intelppm!AcpiC1Idle<br>nt!PopProcessorIdle<br>nt!KiIdleLoop<br>nt!KiSystemStartup<br>0x0<br><br>"Jeff Curless" <xxxxx> wrote in message news:xxxxx@windbg...<br>&gt;Also if I do this:<br><br>&gt;Kd&gt; k<br>&gt;Child-SP RetAddr Call Site<br>&gt;000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]<br>&gt;000000000b29d698 0000000000000000 0x2a0f360<br><br>Very weird. If you do a<br><br>.fnent mydll!myfunction<br><br>Do you get a result?<br><br>-scott<br><br>-- <br>Scott Noone<br>Consulting Associate<br>OSR Open Systems Resources, Inc.<br>http://www.osronline.com<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>You should just use k instead of kv on amd64 as that is completely<br>unreadable. :( (Especially on a handheld screen!)<br><br>That being said, my guess is that you have an intervening frame for which<br>unwind information couldn't be pulled.<br><br>Unwinding on amd64 requires reading unwind metadata for each frame. This<br>can be problematic in kd because of things becoming paged out.<br><br>- If part of the loaded module list is paged out, or you did not load user<br>mode symbols beforehand, then the debugger won't have a binary for a given<br>frame's RIP and unwinding will break* because no unwind metadata can be<br>found.<br>- If symbols cannot be loaded and the unwind metadata for a binary is paged<br>out (not uncommon), then unwinding will break* because no unwind metadata<br>can be found.<br>- If you don't have symbol load notifications enabled (or otherwise weren't<br>there to get the notification at the time a particular binary was loaded),<br>and the image headers are paged out, then the debugger won't be able to get<br>unwind metadata and unwinding will break*.<br>- If the caller was JIT'd code, then unwinding will break* in kernel mode as<br>the kernel debugger doesn't support loading the JIT unwind helper DLL<br>(AFAIK).<br><br>*: I believe the debugger will treat these scenarios according to the<br>specification for a leaf function on amd64. This is going to be incorrect<br>for a function that isn't a leaf function.<br><br>In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your
first example), or mydll!myfunc3 000000000750d9e8 (your second example),<br>neither of which the debugger has associated with a loaded module. That<br>means the debugger probably gets lost at those respective frames because it<br>can't access the unwind table for those functions.<br><br>- S<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 12:56 PM<br>To: Kernel Debugging Interest List<br>Subject: RE:[windbg] Weird stack<br><br>Here is more. It appears to definitely be something to do with my PDBs as<br>the Microsoft ones from the symbol server look correct...<br><br># Child-SP RetAddr : Args to Child<br>: Call Site<br>00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78<br>000000000750d9d8 cccccccccccccccc : mydll!myfunc3<br>01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8<br>cccccccccccccccc 0000000007ab0d28 : 0x750d9e8<br>02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc<br>0000000007ab0d28 cccccc00cccccccc : 0x750d9e8<br>03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28<br>cccccc00cccccccc 00000001802b0268 : 0x750da78<br>04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc<br>00000001802b0268 cccccccccccccccc : 0x750d9d8<br>05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab0d28
07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc<br>08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe 000000000750d9e8 : mydll!myfunc2<br>09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc
0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8
000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc<br>0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8<br>cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc
0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000
cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe<br>0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x750d9e8<br>0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 000000000750dac0 : 0x750d9e8<br>0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>000000000750dac0 00000001800247f0 : 0xcccccccc00000000
10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0
00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc<br>11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0<br>0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc
12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60
000000000750da78 cccccccccccccccc : 0xcccccccccccccccc<br>13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78<br>cccccccccccccccc cccccccccccccccc : 0x750dac0<br>14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : mydll!myfunc1<br>15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 0000000007ab09a8 : 0xf6fd60<br>16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>0000000007ab09a8 cccccccccccccccc : 0x750da78<br>17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab09a8
1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc<br>1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc
1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc<br>cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc
1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc
0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc<br>20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680<br>000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe
21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f
0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc<br>22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760<br>0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc
23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827
00000000052f62b4 0000000000000400 : 0x7a99680
24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827
00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf
25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90
000007fefdb43a50 000007fefdb426d8 :
OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60
26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798
0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b
27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000
0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a
28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000
0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e
29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534
00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d
2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0
0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb
2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534
0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f
2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000
0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91
2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0
000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193
2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400
0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407
2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000
00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85
30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818
0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29
31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc
0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa
32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8
0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad
33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500
000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389
34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000
0000000000000000 0000000003440880 :
IEFRAME!CBrowserFrame::FrameMessagePump+0x411
35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801
00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d
36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98
37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df
38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd
39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I
get a lot of funky output:

RetAddr : Args to Child
: Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction2<br>00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc
0000000000000000 : 0x2ad368<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Here is the prolog and some extra:

Kd> u mydll!myfunc
00000001800515f0 4c89442418 mov qword ptr [rsp+18h],r8 00000001800515f5 4889542410 mov qword ptr [rsp+10h],rdx
00000001800515fa 48894c2408 mov qword ptr [rsp+8],rcx 00000001800515ff 53 push rbx
0000000180051600 57 push rdi 0000000180051601 4883ec48 sub rsp,48h
0000000180051605 488bfc mov rdi,rsp 0000000180051608 48b91200000000000000 mov rcx,12h
0000000180051612 b8cccccccc mov eax,0CCCCCCCCh 0000000180051617 f3ab rep stos dword ptr [rdi]
0000000180051619 488b4c2460 mov rcx,qword ptr [rsp+60h] 000000018005161e 488b4c2460 mov rcx,qword ptr [rsp+60h]
0000000180051623 4883c148 add rcx,48h 0000000180051627 33d2 xor edx,edx

Nothing too innocuous… I don’t have vs2008 on my VM, but I’ll try using WinDbg from within the VM to do user-mode debugging.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 5:16 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

What does the prolog of the routine look like? Does it make any stack
adjustments (pushes, sub rsp, etc)?

Also, if you run the code under the VS2008 debugger do you get a reasonable
call stack?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Jeff Curless” wrote in message news:xxxxx@windbg…
No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001800515f0<br><br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone<br>Sent: Monday, June 22, 2009 4:53 PM<br>To: Kernel Debugging Interest List<br>Subject: Re:[windbg] Weird stack<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>&gt;You should just use k instead of kv on amd64 as that is completely<br>&gt;unreadable.<br><br>It's important to have a really wide monitor when dealing with x64 dumps :)<br><br>I'm also entirely addicted to "kc" now, which shows a much more reasonable<br>call stack:<br><br>0: kd&gt; kc<br>Call Site<br>intelppm!C1Halt<br>intelppm!AcpiC1Idle<br>nt!PopProcessorIdle<br>nt!KiIdleLoop<br>nt!KiSystemStartup<br>0x0<br><br>"Jeff Curless" <xxxxx> wrote in message news:xxxxx@windbg...<br>&gt;Also if I do this:<br><br>&gt;Kd&gt; k<br>&gt;Child-SP RetAddr Call Site<br>&gt;000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]<br>&gt;000000000b29d698 0000000000000000 0x2a0f360<br><br>Very weird. If you do a<br><br>.fnent mydll!myfunction<br><br>Do you get a result?<br><br>-scott<br><br>--<br>Scott Noone<br>Consulting Associate<br>OSR Open Systems Resources, Inc.<br>http://www.osronline.com<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>You should just use k instead of kv on amd64 as that is completely<br>unreadable. :( (Especially on a handheld screen!)<br><br>That being said, my guess is that you have an intervening frame for which<br>unwind information couldn't be pulled.<br><br>Unwinding on amd64 requires reading unwind metadata for each frame. This<br>can be problematic in kd because of things becoming paged out.<br><br>- If part of the loaded module list is paged out, or you did not load user<br>mode symbols beforehand, then the debugger won't have a binary for a given<br>frame's RIP and unwinding will break* because no unwind metadata can be<br>found.<br>- If symbols cannot be loaded and the unwind metadata for a binary is paged<br>out (not uncommon), then unwinding will break* because no unwind metadata<br>can be found.<br>- If you don't have symbol load notifications enabled (or otherwise weren't<br>there to get the notification at the time a particular binary was loaded),<br>and the image headers are paged out, then the debugger won't be able to get<br>unwind metadata and unwinding will break*.<br>- If the caller was JIT'd code, then unwinding will break* in kernel mode as<br>the kernel debugger doesn't support loading the JIT unwind helper DLL<br>(AFAIK).<br><br>*: I believe the debugger will treat these scenarios according to the<br>specification for a leaf function on amd64. This is going to be incorrect<br>for a function that isn't a leaf function.<br><br>In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your
first example), or mydll!myfunc3 000000000750d9e8 (your second example),<br>neither of which the debugger has associated with a loaded module. That<br>means the debugger probably gets lost at those respective frames because it<br>can't access the unwind table for those functions.<br><br>- S<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 12:56 PM<br>To: Kernel Debugging Interest List<br>Subject: RE:[windbg] Weird stack<br><br>Here is more. It appears to definitely be something to do with my PDBs as<br>the Microsoft ones from the symbol server look correct...<br><br># Child-SP RetAddr : Args to Child<br>: Call Site<br>00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78<br>000000000750d9d8 cccccccccccccccc : mydll!myfunc3<br>01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8<br>cccccccccccccccc 0000000007ab0d28 : 0x750d9e8<br>02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc<br>0000000007ab0d28 cccccc00cccccccc : 0x750d9e8<br>03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28<br>cccccc00cccccccc 00000001802b0268 : 0x750da78<br>04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc<br>00000001802b0268 cccccccccccccccc : 0x750d9d8<br>05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab0d28
07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc<br>08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe 000000000750d9e8 : mydll!myfunc2<br>09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc
0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8
000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc<br>0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8<br>cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc
0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000
cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe<br>0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x750d9e8<br>0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 000000000750dac0 : 0x750d9e8<br>0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>000000000750dac0 00000001800247f0 : 0xcccccccc00000000
10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0
00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc<br>11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0<br>0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc
12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60
000000000750da78 cccccccccccccccc : 0xcccccccccccccccc<br>13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78<br>cccccccccccccccc cccccccccccccccc : 0x750dac0<br>14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : mydll!myfunc1<br>15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 0000000007ab09a8 : 0xf6fd60<br>16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>0000000007ab09a8 cccccccccccccccc : 0x750da78<br>17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab09a8
1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc<br>1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc
1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc<br>cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc
1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc
0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc<br>20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680<br>000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe
21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f
0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc<br>22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760<br>0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc
23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827
00000000052f62b4 0000000000000400 : 0x7a99680
24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827
00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf
25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90
000007fefdb43a50 000007fefdb426d8 :
OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60
26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798
0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b
27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000
0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a
28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000
0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e
29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534
00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d
2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0
0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb
2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534
0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f
2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000
0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91
2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0
000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193
2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400
0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407
2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000
00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85
30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818
0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29
31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc
0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa
32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8
0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad
33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500
000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389
34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000
0000000000000000 0000000003440880 :
IEFRAME!CBrowserFrame::FrameMessagePump+0x411
35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801
00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d
36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98
37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df
38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd
39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I
get a lot of funky output:

RetAddr : Args to Child
: Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction2<br>00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc
0000000000000000 : 0x2ad368<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Ok well I tried connecting to the process from within the VM doing a user-mode Windbg debug. This time the stack looks perfect. I noticed that the “return code” is also very different than it was before, but the first argument to the function looks like the old return code. Maybe it thinks things were shifted by 8 bytes?

Child-SP RetAddr : Args to Child : Call Site
000000000871d668 000000018007a292 : 0000000002a0de50 0000000002a0dd90 cccccccccccccccc cccccccccccccccc : mydll!myfunc1
000000000871d670 000000018007a5d7 : 0000000002a0dd90 0000000004f80508 0000000004f80508 000000000500df98 : mydll!myfunc0

Also if I now break in using windbg as a kernel-mode debugger and look at the same process, everything lines up correctly too ( I left the process broken in user-mode from within the VM).

It appears this only occurs if I am kernel-mode debugging, and use .process /I xxx ;g;.reload /user.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 5:32 PM
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

Here is the prolog and some extra:

Kd> u mydll!myfunc
00000001800515f0 4c89442418 mov qword ptr [rsp+18h],r8 00000001800515f5 4889542410 mov qword ptr [rsp+10h],rdx
00000001800515fa 48894c2408 mov qword ptr [rsp+8],rcx 00000001800515ff 53 push rbx
0000000180051600 57 push rdi 0000000180051601 4883ec48 sub rsp,48h
0000000180051605 488bfc mov rdi,rsp 0000000180051608 48b91200000000000000 mov rcx,12h
0000000180051612 b8cccccccc mov eax,0CCCCCCCCh 0000000180051617 f3ab rep stos dword ptr [rdi]
0000000180051619 488b4c2460 mov rcx,qword ptr [rsp+60h] 000000018005161e 488b4c2460 mov rcx,qword ptr [rsp+60h]
0000000180051623 4883c148 add rcx,48h 0000000180051627 33d2 xor edx,edx

Nothing too innocuous… I don’t have vs2008 on my VM, but I’ll try using WinDbg from within the VM to do user-mode debugging.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 5:16 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

What does the prolog of the routine look like? Does it make any stack
adjustments (pushes, sub rsp, etc)?

Also, if you run the code under the VS2008 debugger do you get a reasonable
call stack?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Jeff Curless” wrote in message news:xxxxx@windbg…
No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001800515f0<br><br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone<br>Sent: Monday, June 22, 2009 4:53 PM<br>To: Kernel Debugging Interest List<br>Subject: Re:[windbg] Weird stack<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>&gt;You should just use k instead of kv on amd64 as that is completely<br>&gt;unreadable.<br><br>It's important to have a really wide monitor when dealing with x64 dumps :)<br><br>I'm also entirely addicted to "kc" now, which shows a much more reasonable<br>call stack:<br><br>0: kd&gt; kc<br>Call Site<br>intelppm!C1Halt<br>intelppm!AcpiC1Idle<br>nt!PopProcessorIdle<br>nt!KiIdleLoop<br>nt!KiSystemStartup<br>0x0<br><br>"Jeff Curless" <xxxxx> wrote in message news:xxxxx@windbg...<br>&gt;Also if I do this:<br><br>&gt;Kd&gt; k<br>&gt;Child-SP RetAddr Call Site<br>&gt;000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]<br>&gt;000000000b29d698 0000000000000000 0x2a0f360<br><br>Very weird. If you do a<br><br>.fnent mydll!myfunction<br><br>Do you get a result?<br><br>-scott<br><br>--<br>Scott Noone<br>Consulting Associate<br>OSR Open Systems Resources, Inc.<br>http://www.osronline.com<br><br>"Skywing" <xxxxx> wrote in message<br>news:xxxxx@windbg...<br>You should just use k instead of kv on amd64 as that is completely<br>unreadable. :( (Especially on a handheld screen!)<br><br>That being said, my guess is that you have an intervening frame for which<br>unwind information couldn't be pulled.<br><br>Unwinding on amd64 requires reading unwind metadata for each frame. This<br>can be problematic in kd because of things becoming paged out.<br><br>- If part of the loaded module list is paged out, or you did not load user<br>mode symbols beforehand, then the debugger won't have a binary for a given<br>frame's RIP and unwinding will break* because no unwind metadata can be<br>found.<br>- If symbols cannot be loaded and the unwind metadata for a binary is paged<br>out (not uncommon), then unwinding will break* because no unwind metadata<br>can be found.<br>- If you don't have symbol load notifications enabled (or otherwise weren't<br>there to get the notification at the time a particular binary was loaded),<br>and the image headers are paged out, then the debugger won't be able to get<br>unwind metadata and unwinding will break*.<br>- If the caller was JIT'd code, then unwinding will break* in kernel mode as<br>the kernel debugger doesn't support loading the JIT unwind helper DLL<br>(AFAIK).<br><br>*: I believe the debugger will treat these scenarios according to the<br>specification for a leaf function on amd64. This is going to be incorrect<br>for a function that isn't a leaf function.<br><br>In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your
first example), or mydll!myfunc3 000000000750d9e8 (your second example),<br>neither of which the debugger has associated with a loaded module. That<br>means the debugger probably gets lost at those respective frames because it<br>can't access the unwind table for those functions.<br><br>- S<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 12:56 PM<br>To: Kernel Debugging Interest List<br>Subject: RE:[windbg] Weird stack<br><br>Here is more. It appears to definitely be something to do with my PDBs as<br>the Microsoft ones from the symbol server look correct...<br><br># Child-SP RetAddr : Args to Child<br>: Call Site<br>00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78<br>000000000750d9d8 cccccccccccccccc : mydll!myfunc3<br>01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8<br>cccccccccccccccc 0000000007ab0d28 : 0x750d9e8<br>02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc<br>0000000007ab0d28 cccccc00cccccccc : 0x750d9e8<br>03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28<br>cccccc00cccccccc 00000001802b0268 : 0x750da78<br>04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc<br>00000001802b0268 cccccccccccccccc : 0x750d9d8<br>05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab0d28
07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc<br>08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe 000000000750d9e8 : mydll!myfunc2<br>09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc
0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8
000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc<br>0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8<br>cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc
0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000
cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe<br>0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x750d9e8<br>0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 000000000750dac0 : 0x750d9e8<br>0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>000000000750dac0 00000001800247f0 : 0xcccccccc00000000
10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0
00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc<br>11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0<br>0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc
12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60
000000000750da78 cccccccccccccccc : 0xcccccccccccccccc<br>13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78<br>cccccccccccccccc cccccccccccccccc : 0x750dac0<br>14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : mydll!myfunc1<br>15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc 0000000007ab09a8 : 0xf6fd60<br>16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>0000000007ab09a8 cccccccccccccccc : 0x750da78<br>17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x7ab09a8
1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc<br>1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc
1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc<br>cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc
1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc
0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc<br>20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680<br>000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe
21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f
0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc<br>22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760<br>0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc
23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827
00000000052f62b4 0000000000000400 : 0x7a99680
24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827
00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf
25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90
000007fefdb43a50 000007fefdb426d8 :
OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60
26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798
0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b
27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000
0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a
28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000
0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e
29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534
00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d
2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0
0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb
2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534
0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f
2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000
0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91
2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0
000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193
2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400
0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407
2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000
00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85
30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818
0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29
31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc
0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa
32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8
0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad
33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500
000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389
34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000
0000000000000000 0000000003440880 :
IEFRAME!CBrowserFrame::FrameMessagePump+0x411
35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801
00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d
36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98
37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df
38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd
39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000
0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

Thanks,
-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 3:47 PM
To: Kernel Debugging Interest List
Subject: [windbg] Weird stack

When I am kernel debugging on x64 and I am looking at a user-mode stack I
get a lot of funky output:

RetAddr : Args to Child
: Call Site
00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction2<br>00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction1
cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc
0000000000000000 : 0x2ad368<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccccccccccc<br>0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : 0xcccccccc`cccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Yes, that’s Bad™. That will cause stack tracing to behave incorrectly. Do you have symbols loaded for mydll? (What’s !lmi mydll show?)

Can you read the exception directory (from !dh mydll – look for the exception directory listing there to find its RVA and length) from mydll?

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 2:08 PM
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001`800515f0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 4:53 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your<br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8<br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000<br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0<br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60<br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc<br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f<br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827<br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827<br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90<br>000007fefdb43a50 000007fefdb426d8 :<br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798<br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000<br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000<br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534<br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0<br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534<br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000<br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0<br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400<br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000<br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818<br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc<br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8<br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500<br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000<br>0000000000000000 0000000003440880 :<br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801<br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I<br>get a lot of funky output:<br><br>RetAddr : Args to Child<br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Here is the info, looks like there is a problem due to debug data not being mapped. Any idea how to fix that?

kd> !lmi mydll.dll
Loaded Module Info: [mydll.dll]
Module: mydll
Base Address: 0000000180000000
Image Name: mydll.dll
Machine Type: 34404 (X64)
Time Stamp: 4a3f57c8 Mon Jun 22 06:07:04 2009
Size: 2da000
CheckSum: 0
Characteristics: 2022
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 83, 26474c, 26394c [Debug data not mapped] - can’t validate symbols, if present.
Image Type: FILE - Image read successfully from debugger.
mydll.dll
Symbol Type: PDB - Symbols loaded successfully from symbol search path.
e:\mydll\x64\debug\Mydll.pdb
Compiler: Resource - front end [0.0 bld 0] - back end [9.0 bld 21022]
Load Report: private symbols & lines, not source indexed
e:\mydll\x64\debug\Mydll.pdb

kd> !dh 0000000180000000

File Type: DLL
FILE HEADER VALUES
8664 machine (X64)
8 number of sections
4A3F57C8 time date stamp Mon Jun 22 06:07:04 2009

0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
App can handle >2gb addresses
DLL

OPTIONAL HEADER VALUES
20B magic #
9.00 linker version
1CAE00 size of code
10AE00 size of initialized data
0 size of uninitialized data
10ECF0 address of entry point
1000 base of code
----- new -----
0000000180000000 image base
1000 section alignment
200 file alignment
2 subsystem (Windows GUI)
5.02 operating system version
0.00 image version
5.02 subsystem version
2DA000 size of image
400 size of headers
0 checksum
0000000000100000 size of stack reserve
0000000000001000 size of stack commit
0000000000100000 size of heap reserve
0000000000001000 size of heap commit
0 DLL characteristics
295090 [173] address [size] of Export Directory
2CE000 [3C] address [size] of Import Directory
2D4000 [626] address [size] of Resource Directory
2B3000 [179AC] address [size] of Exception Directory
0 [0] address [size] of Security Directory
2D5000 [2C08] address [size] of Base Relocation Directory
1CD480 [1C] address [size] of Debug Directory
0 [0] address [size] of Description Directory
0 [0] address [size] of Special Directory
0 [0] address [size] of Thread Storage Directory
0 [0] address [size] of Load Configuration Directory
0 [0] address [size] of Bound Import Directory
2CE770 [730] address [size] of Import Address Table Directory
2D0000 [1E0] address [size] of Delay Import Directory
0 [0] address [size] of COR20 Header Directory
0 [0] address [size] of Reserved Directory

I’m assuming that the address of the exception directory is a correct RVA based off the image start so:

kd> dq 0000001802b3000 00000001802b3000 ??????????? ???????????
00000001802b3010 ??????????? ??????????? 00000001802b3020 ??????????? ???????????
00000001802b3030 ??????????? ??????????? 00000001802b3040 ??????????? ???????????
00000001802b3050 ??????????? ??????????? 00000001802b3060 ??????????? ???????????
00000001802b3070 ??????????? ???`???

Looks like it’s paged out.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Monday, June 22, 2009 5:58 PM
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

Yes, that’s Bad™. That will cause stack tracing to behave incorrectly. Do you have symbols loaded for mydll? (What’s !lmi mydll show?)

Can you read the exception directory (from !dh mydll – look for the exception directory listing there to find its RVA and length) from mydll?

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 2:08 PM
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

No I don’t:

kd> .fnent mydll!myfunc
No function entry for 00000001`800515f0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 4:53 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your<br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8<br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000<br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0<br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60<br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc<br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f<br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827<br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827<br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90<br>000007fefdb43a50 000007fefdb426d8 :<br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798<br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000<br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000<br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534<br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0<br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534<br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000<br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0<br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400<br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000<br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818<br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc<br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8<br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500<br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000<br>0000000000000000 0000000003440880 :<br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801<br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I<br>get a lot of funky output:<br><br>RetAddr : Args to Child<br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

What does dumpbin /headers mydll.dll report about the debug directory entry? Normally, it would look something like:

CODEVIEW 3c, 16310, 4910 RSDS - GUID: {72F071EC-636E-43DF-B717-93F091154951}

I have no idea of what could cause this, but it certainly looks like a problem or at least unusual (non-rsds, that is).

What are the cl & link command lines you’re using in VS?

mm

Dumpbin /headers:

Debug Directories

Time Type Size RVA Pointer


4A3F57C8 cv 83 0026474C 26394C Format: RSDS, {4A636DA4-2578-40AD-B564-A5731C2D58BE}, 1, E:\mydll\x64\Debug\mydll.pdb

CL:

/Od /I “…\Common” /D “WIN32” /D “_DEBUG” /D “_WINDOWS” /D “_USRDLL” /D “_MERGE_PROXYSTUB” /D “AMD64” /D “_WINDLL” /D “_ATL_STATIC_REGISTRY” /D “_UNICODE” /D “UNICODE” /Gm /EHa /RTC1 /MTd /Yu"stdafx.h" /Fp"x64\Debug\mydll.pch" /Fo"x64\Debug" /Fd"x64\Debug\vc90.pdb" /W4 /WX /nologo /c /Zi /TP /wd4996 /wd4100 /wd4189 /errorReport:prompt

Link:

/OUT:“mydll.dll” /INCREMENTAL /NOLOGO /LIBPATH:“E:\mydll\x64\Debug” /DLL /MANIFEST:NO /DELAYLOAD:“version.DLL” /DELAYLOAD:“gdi32.dll” /DELAYLOAD:“Gdiplus.dll” /DELAYLOAD:“comctl32.dll” /DELAYLOAD:“Netapi32.DLL” /DELAYLOAD:“urlmon.DLL” /DELAYLOAD:“Crypt32.dll” /DELAYLOAD:“oleaut32.dll” /DELAYLOAD:“ole32.dll” /DELAYLOAD:“shell32.dll” /DELAYLOAD:“advapi32.dll” /DELAYLOAD:“user32.dll” /DELAYLOAD:“wintrust.dll” /DELAYLOAD:“wininet.dll” /DELAYLOAD:“psapi.dll” /DEBUG /PDB:“e:\mydll\x64\Debug\STSensor64.pdb” /DYNAMICBASE:NO /MACHINE:X64 /ERRORREPORT:PROMPT version.lib Gdiplus.lib comctl32.lib Netapi32.lib urlmon.lib wintrust.lib Crypt32.lib wininet.lib psapi.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib DelayImp.lib

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@evitechnology.com
Sent: Monday, June 22, 2009 6:25 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

What does dumpbin /headers mydll.dll report about the debug directory entry? Normally, it would look something like:

CODEVIEW 3c, 16310, 4910 RSDS - GUID: {72F071EC-636E-43DF-B717-93F091154951}

I have no idea of what could cause this, but it certainly looks like a problem or at least unusual (non-rsds, that is).

What are the cl & link command lines you’re using in VS?

mm


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

I just noticed when I do a !dh I get this too:

Debug Directories(1)
Type Size Address Pointer
cv 83 26474c 26394c Can’t read debug data cb=0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 6:35 PM
To: Kernel Debugging Interest List
Subject: RE: RE:[windbg] Weird stack

Dumpbin /headers:

Debug Directories

Time Type Size RVA Pointer


4A3F57C8 cv 83 0026474C 26394C Format: RSDS, {4A636DA4-2578-40AD-B564-A5731C2D58BE}, 1, E:\mydll\x64\Debug\mydll.pdb

CL:

/Od /I “…\Common” /D “WIN32” /D “_DEBUG” /D “_WINDOWS” /D “_USRDLL” /D “_MERGE_PROXYSTUB” /D “AMD64” /D “_WINDLL” /D “_ATL_STATIC_REGISTRY” /D “_UNICODE” /D “UNICODE” /Gm /EHa /RTC1 /MTd /Yu"stdafx.h" /Fp"x64\Debug\mydll.pch" /Fo"x64\Debug" /Fd"x64\Debug\vc90.pdb" /W4 /WX /nologo /c /Zi /TP /wd4996 /wd4100 /wd4189 /errorReport:prompt

Link:

/OUT:“mydll.dll” /INCREMENTAL /NOLOGO /LIBPATH:“E:\mydll\x64\Debug” /DLL /MANIFEST:NO /DELAYLOAD:“version.DLL” /DELAYLOAD:“gdi32.dll” /DELAYLOAD:“Gdiplus.dll” /DELAYLOAD:“comctl32.dll” /DELAYLOAD:“Netapi32.DLL” /DELAYLOAD:“urlmon.DLL” /DELAYLOAD:“Crypt32.dll” /DELAYLOAD:“oleaut32.dll” /DELAYLOAD:“ole32.dll” /DELAYLOAD:“shell32.dll” /DELAYLOAD:“advapi32.dll” /DELAYLOAD:“user32.dll” /DELAYLOAD:“wintrust.dll” /DELAYLOAD:“wininet.dll” /DELAYLOAD:“psapi.dll” /DEBUG /PDB:“e:\mydll\x64\Debug\STSensor64.pdb” /DYNAMICBASE:NO /MACHINE:X64 /ERRORREPORT:PROMPT version.lib Gdiplus.lib comctl32.lib Netapi32.lib urlmon.lib wintrust.lib Crypt32.lib wininet.lib psapi.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib DelayImp.lib

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@evitechnology.com
Sent: Monday, June 22, 2009 6:25 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

What does dumpbin /headers mydll.dll report about the debug directory entry? Normally, it would look something like:

CODEVIEW 3c, 16310, 4910 RSDS - GUID: {72F071EC-636E-43DF-B717-93F091154951}

I have no idea of what could cause this, but it certainly looks like a problem or at least unusual (non-rsds, that is).

What are the cl & link command lines you’re using in VS?

mm


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Where did this come from: /PDB:“e:\mydll\x64\Debug\STSensor64.pdb”

That is, why isn’t it ‘mydll.pdb?’

mm

It should be… I missed it with replace.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@evitechnology.com
Sent: Monday, June 22, 2009 6:50 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Where did this come from: /PDB:“e:\mydll\x64\Debug\STSensor64.pdb”

That is, why isn’t it ‘mydll.pdb?’

mm


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

No, it loaded symbols (“Symbol Type - PDB”). I assume this is the latest release?

  • S

-----Original Message-----
From: Jeff Curless
Sent: Monday, June 22, 2009 15:17
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

Here is the info, looks like there is a problem due to debug data not being mapped. Any idea how to fix that?

kd> !lmi mydll.dll
Loaded Module Info: [mydll.dll]
Module: mydll
Base Address: 0000000180000000
Image Name: mydll.dll
Machine Type: 34404 (X64)
Time Stamp: 4a3f57c8 Mon Jun 22 06:07:04 2009
Size: 2da000
CheckSum: 0
Characteristics: 2022
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 83, 26474c, 26394c [Debug data not mapped] - can’t validate symbols, if present.
Image Type: FILE - Image read successfully from debugger.
mydll.dll
Symbol Type: PDB - Symbols loaded successfully from symbol search path.
e:\mydll\x64\debug\Mydll.pdb
Compiler: Resource - front end [0.0 bld 0] - back end [9.0 bld 21022]
Load Report: private symbols & lines, not source indexed
e:\mydll\x64\debug\Mydll.pdb

kd> !dh 0000000180000000

File Type: DLL
FILE HEADER VALUES
8664 machine (X64)
8 number of sections
4A3F57C8 time date stamp Mon Jun 22 06:07:04 2009

0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
App can handle >2gb addresses
DLL

OPTIONAL HEADER VALUES
20B magic #
9.00 linker version
1CAE00 size of code
10AE00 size of initialized data
0 size of uninitialized data
10ECF0 address of entry point
1000 base of code
----- new -----
0000000180000000 image base
1000 section alignment
200 file alignment
2 subsystem (Windows GUI)
5.02 operating system version
0.00 image version
5.02 subsystem version
2DA000 size of image
400 size of headers
0 checksum
0000000000100000 size of stack reserve
0000000000001000 size of stack commit
0000000000100000 size of heap reserve
0000000000001000 size of heap commit
0 DLL characteristics
295090 [173] address [size] of Export Directory
2CE000 [3C] address [size] of Import Directory
2D4000 [626] address [size] of Resource Directory
2B3000 [179AC] address [size] of Exception Directory
0 [0] address [size] of Security Directory
2D5000 [2C08] address [size] of Base Relocation Directory
1CD480 [1C] address [size] of Debug Directory
0 [0] address [size] of Description Directory
0 [0] address [size] of Special Directory
0 [0] address [size] of Thread Storage Directory
0 [0] address [size] of Load Configuration Directory
0 [0] address [size] of Bound Import Directory
2CE770 [730] address [size] of Import Address Table Directory
2D0000 [1E0] address [size] of Delay Import Directory
0 [0] address [size] of COR20 Header Directory
0 [0] address [size] of Reserved Directory

I’m assuming that the address of the exception directory is a correct RVA based off the image start so:

kd> dq 0000001802b3000<br>00000001802b3000 ??????????? ???????????
00000001802b3010 ??????????? ???????????<br>00000001802b3020 ??????????? ???????????
00000001802b3030 ??????????? ???????????<br>00000001802b3040 ??????????? ???????????
00000001802b3050 ??????????? ???????????<br>00000001802b3060 ??????????? ???????????
00000001802b3070 ??????????? ???????????<br><br>Looks like it's paged out.<br><br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing<br>Sent: Monday, June 22, 2009 5:58 PM<br>To: Kernel Debugging Interest List<br>Subject: RE: Re:[windbg] Weird stack<br><br>Yes, that's Bad(tm). That will cause stack tracing to behave incorrectly. Do you have symbols loaded for mydll? (What's !lmi mydll show?)<br><br>Can you read the exception directory (from !dh mydll -- look for the exception directory listing there to find its RVA and length) from mydll?<br><br>- S<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 2:08 PM<br>To: Kernel Debugging Interest List<br>Subject: RE: Re:[windbg] Weird stack<br><br>No I don't:<br><br>kd&gt; .fnent mydll!myfunc<br>No function entry for 00000001800515f0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 4:53 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your<br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8<br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000<br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0<br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60<br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc<br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f<br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827<br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827<br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90<br>000007fefdb43a50 000007fefdb426d8 :<br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798<br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000<br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000<br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534<br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0<br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534<br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000<br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0<br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400<br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000<br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818<br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc<br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8<br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500<br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000<br>0000000000000000 0000000003440880 :<br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801<br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I<br>get a lot of funky output:<br><br>RetAddr : Args to Child<br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Yes this is the latest release. I know the PDB is loaded, but the !lmi output says that the debug data is not mapped, which is what I meant. If I connect to the process with Windbg from user-mode, it apparently maps it no problem, which makes sense.

So this is probably an issue of the information being paged out/not mapped and the kernel mode debugger not being able to get to it. Now I thought specifying the image path would help this, since Windbg could just read the debug data from the local image on disk.

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Monday, June 22, 2009 9:45 PM
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

No, it loaded symbols (“Symbol Type - PDB”). I assume this is the latest release?

  • S

-----Original Message-----
From: Jeff Curless
Sent: Monday, June 22, 2009 15:17
To: Kernel Debugging Interest List
Subject: RE: Re:[windbg] Weird stack

Here is the info, looks like there is a problem due to debug data not being mapped. Any idea how to fix that?

kd> !lmi mydll.dll
Loaded Module Info: [mydll.dll]
Module: mydll
Base Address: 0000000180000000
Image Name: mydll.dll
Machine Type: 34404 (X64)
Time Stamp: 4a3f57c8 Mon Jun 22 06:07:04 2009
Size: 2da000
CheckSum: 0
Characteristics: 2022
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 83, 26474c, 26394c [Debug data not mapped] - can’t validate symbols, if present.
Image Type: FILE - Image read successfully from debugger.
mydll.dll
Symbol Type: PDB - Symbols loaded successfully from symbol search path.
e:\mydll\x64\debug\Mydll.pdb
Compiler: Resource - front end [0.0 bld 0] - back end [9.0 bld 21022]
Load Report: private symbols & lines, not source indexed
e:\mydll\x64\debug\Mydll.pdb

kd> !dh 0000000180000000

File Type: DLL
FILE HEADER VALUES
8664 machine (X64)
8 number of sections
4A3F57C8 time date stamp Mon Jun 22 06:07:04 2009

0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
App can handle >2gb addresses
DLL

OPTIONAL HEADER VALUES
20B magic #
9.00 linker version
1CAE00 size of code
10AE00 size of initialized data
0 size of uninitialized data
10ECF0 address of entry point
1000 base of code
----- new -----
0000000180000000 image base
1000 section alignment
200 file alignment
2 subsystem (Windows GUI)
5.02 operating system version
0.00 image version
5.02 subsystem version
2DA000 size of image
400 size of headers
0 checksum
0000000000100000 size of stack reserve
0000000000001000 size of stack commit
0000000000100000 size of heap reserve
0000000000001000 size of heap commit
0 DLL characteristics
295090 [173] address [size] of Export Directory
2CE000 [3C] address [size] of Import Directory
2D4000 [626] address [size] of Resource Directory
2B3000 [179AC] address [size] of Exception Directory
0 [0] address [size] of Security Directory
2D5000 [2C08] address [size] of Base Relocation Directory
1CD480 [1C] address [size] of Debug Directory
0 [0] address [size] of Description Directory
0 [0] address [size] of Special Directory
0 [0] address [size] of Thread Storage Directory
0 [0] address [size] of Load Configuration Directory
0 [0] address [size] of Bound Import Directory
2CE770 [730] address [size] of Import Address Table Directory
2D0000 [1E0] address [size] of Delay Import Directory
0 [0] address [size] of COR20 Header Directory
0 [0] address [size] of Reserved Directory

I’m assuming that the address of the exception directory is a correct RVA based off the image start so:

kd> dq 0000001802b3000<br>00000001802b3000 ??????????? ???????????
00000001802b3010 ??????????? ???????????<br>00000001802b3020 ??????????? ???????????
00000001802b3030 ??????????? ???????????<br>00000001802b3040 ??????????? ???????????
00000001802b3050 ??????????? ???????????<br>00000001802b3060 ??????????? ???????????
00000001802b3070 ??????????? ???????????<br><br>Looks like it's paged out.<br><br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Skywing<br>Sent: Monday, June 22, 2009 5:58 PM<br>To: Kernel Debugging Interest List<br>Subject: RE: Re:[windbg] Weird stack<br><br>Yes, that's Bad(tm). That will cause stack tracing to behave incorrectly. Do you have symbols loaded for mydll? (What's !lmi mydll show?)<br><br>Can you read the exception directory (from !dh mydll -- look for the exception directory listing there to find its RVA and length) from mydll?<br><br>- S<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 2:08 PM<br>To: Kernel Debugging Interest List<br>Subject: RE: Re:[windbg] Weird stack<br><br>No I don't:<br><br>kd&gt; .fnent mydll!myfunc<br>No function entry for 00000001800515f0

-Jeff

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Monday, June 22, 2009 4:53 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Weird stack

“Skywing” wrote in message
news:xxxxx@windbg…
>You should just use k instead of kv on amd64 as that is completely
>unreadable.

It’s important to have a really wide monitor when dealing with x64 dumps :slight_smile:

I’m also entirely addicted to “kc” now, which shows a much more reasonable
call stack:

0: kd> kc
Call Site
intelppm!C1Halt
intelppm!AcpiC1Idle
nt!PopProcessorIdle
nt!KiIdleLoop
nt!KiSystemStartup
0x0

“Jeff Curless” wrote in message news:xxxxx@windbg…
>Also if I do this:

>Kd> k
>Child-SP RetAddr Call Site
>000000000b29d690 0000000002a0f360 mydll!myfunction+0x70 [my.cpp @ 128]
>000000000b29d698 0000000000000000 0x2a0f360

Very weird. If you do a

.fnent mydll!myfunction

Do you get a result?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Skywing” wrote in message
news:xxxxx@windbg…
You should just use k instead of kv on amd64 as that is completely
unreadable. :frowning: (Especially on a handheld screen!)

That being said, my guess is that you have an intervening frame for which
unwind information couldn’t be pulled.

Unwinding on amd64 requires reading unwind metadata for each frame. This
can be problematic in kd because of things becoming paged out.

- If part of the loaded module list is paged out, or you did not load user
mode symbols beforehand, then the debugger won’t have a binary for a given
frame’s RIP and unwinding will break* because no unwind metadata can be
found.
- If symbols cannot be loaded and the unwind metadata for a binary is paged
out (not uncommon), then unwinding will break* because no unwind metadata
can be found.
- If you don’t have symbol load notifications enabled (or otherwise weren’t
there to get the notification at the time a particular binary was loaded),
and the image headers are paged out, then the debugger won’t be able to get
unwind metadata and unwinding will break*.
- If the caller was JIT’d code, then unwinding will break* in kernel mode as
the kernel debugger doesn’t support loading the JIT unwind helper DLL
(AFAIK).

*: I believe the debugger will treat these scenarios according to the
specification for a leaf function on amd64. This is going to be incorrect
for a function that isn’t a leaf function.

In your case, we see mydll!myfunction1 returning to 00000000002ad368 (your<br>first example), or mydll!myfunc3 000000000750d9e8 (your second example),
neither of which the debugger has associated with a loaded module. That
means the debugger probably gets lost at those respective frames because it
can’t access the unwind table for those functions.

- S

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless
Sent: Monday, June 22, 2009 12:56 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Weird stack

Here is more. It appears to definitely be something to do with my PDBs as
the Microsoft ones from the symbol server look correct…

# Child-SP RetAddr : Args to Child
: Call Site
00 000000000750d9b0 000000000750d9e8 : 000000000750d9e8 000000000750da78
000000000750d9d8 cccccccccccccccc : mydll!myfunc3
01 000000000750d9b8 000000000750d9e8 : 000000000750da78 000000000750d9d8
cccccccccccccccc 0000000007ab0d28 : 0x750d9e8
02 000000000750d9c0 000000000750da78 : 000000000750d9d8 cccccccccccccccc
0000000007ab0d28 cccccc00cccccccc : 0x750d9e8
03 000000000750d9c8 000000000750d9d8 : cccccccccccccccc 0000000007ab0d28
cccccc00cccccccc 00000001802b0268 : 0x750da78
04 000000000750d9d0 cccccccccccccccc : 0000000007ab0d28 cccccc00cccccccc
00000001802b0268 cccccccccccccccc : 0x750d9d8
05 000000000750d9d8 0000000007ab0d28 : cccccc00cccccccc 00000001802b0268
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>06 000000000750d9e0 cccccc00cccccccc : 00000001802b0268 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab0d28<br>07 000000000750d9e8 00000001802b0268 : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccc00cccccccc
08 000000000750d9f0 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe 000000000750d9e8 : mydll!myfunc2
09 000000000750d9f8 cccccccccccccccc : cccccccccccccccc fffffffffffffffe
000000000750d9e8 000000000750d9e8 : 0xcccccccccccccccc<br>0a 000000000750da00 cccccccccccccccc : fffffffffffffffe 000000000750d9e8<br>000000000750d9e8 cccccccc00000000 : 0xcccccccccccccccc
0b 000000000750da08 fffffffffffffffe : 000000000750d9e8 000000000750d9e8
cccccccc00000000 cccccccccccccccc : 0xcccccccccccccccc<br>0c 000000000750da10 000000000750d9e8 : 000000000750d9e8 cccccccc00000000<br>cccccccccccccccc cccccccccccccccc : 0xfffffffffffffffe
0d 000000000750da18 000000000750d9e8 : cccccccc00000000 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0x750d9e8
0e 000000000750da20 cccccccc00000000 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 000000000750dac0 : 0x750d9e8
0f 000000000750da28 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
000000000750dac0 00000001800247f0 : 0xcccccccc00000000<br>10 000000000750da30 cccccccccccccccc : cccccccccccccccc 000000000750dac0<br>00000001800247f0 0000000000f6fd60 : 0xcccccccccccccccc
11 000000000750da38 cccccccccccccccc : 000000000750dac0 00000001800247f0
0000000000f6fd60 000000000750da78 : 0xcccccccccccccccc<br>12 000000000750da40 000000000750dac0 : 00000001800247f0 0000000000f6fd60<br>000000000750da78 cccccccccccccccc : 0xcccccccccccccccc
13 000000000750da48 00000001800247f0 : 0000000000f6fd60 000000000750da78
cccccccccccccccc cccccccccccccccc : 0x750dac0
14 000000000750da50 0000000000f6fd60 : 000000000750da78 cccccccccccccccc
cccccccccccccccc cccccccccccccccc : mydll!myfunc1
15 000000000750da58 000000000750da78 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc 0000000007ab09a8 : 0xf6fd60
16 000000000750da60 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
0000000007ab09a8 cccccccccccccccc : 0x750da78
17 000000000750da68 cccccccccccccccc : cccccccccccccccc 0000000007ab09a8
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>18 000000000750da70 cccccccccccccccc : 0000000007ab09a8 cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
19 000000000750da78 0000000007ab09a8 : cccccccccccccccc cccccccccccccccc
cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc<br>1a 000000000750da80 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc cccccccccccccccc : 0x7ab09a8<br>1b 000000000750da88 cccccccccccccccc : cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc fffffffffffffffe : 0xcccccccccccccccc
1c 000000000750da90 cccccccccccccccc : cccccccccccccccc cccccccccccccccc
fffffffffffffffe cccccccccccccccc : 0xcccccccccccccccc<br>1d 000000000750da98 cccccccccccccccc : cccccccccccccccc fffffffffffffffe<br>cccccccccccccccc cccccccccccccccc : 0xcccccccccccccccc
1e 000000000750daa0 cccccccccccccccc : fffffffffffffffe cccccccccccccccc
cccccccccccccccc 0000000007a99680 : 0xcccccccccccccccc<br>1f 000000000750daa8 fffffffffffffffe : cccccccccccccccc cccccccccccccccc<br>0000000007a99680 000007fefdaf528f : 0xcccccccccccccccc
20 000000000750dab0 cccccccccccccccc : cccccccccccccccc 0000000007a99680
000007fefdaf528f 0000000000f6b760 : 0xfffffffffffffffe<br>21 000000000750dab8 cccccccccccccccc : 0000000007a99680 000007fefdaf528f<br>0000000000f6b760 0000000005e9b827 : 0xcccccccccccccccc
22 000000000750dac0 0000000007a99680 : 000007fefdaf528f 0000000000f6b760
0000000005e9b827 00000000052f62b4 : 0xcccccccccccccccc<br>23 000000000750dac8 000007fefdaf528f : 0000000000f6b760 0000000005e9b827<br>00000000052f62b4 0000000000000400 : 0x7a99680<br>24 000000000750dad0 000007fefdaf54d0 : 000000000750df90 000007fe05e9b827<br>00000000052f62b4 000000000750de80 : OLEAUT32!IDispatch_Invoke_Stub+0xcf<br>25 000000000750db70 000007fefdbd599c : 000007fefdb40082 000000000750df90<br>000007fefdb43a50 000007fefdb426d8 :<br>OLEAUT32!IDispatch_RemoteInvoke_Thunk+0x60<br>26 000000000750dbe0 000007fefdc64442 : 0000000000000000 0000000007ab0798<br>0000000007a96200 000007fefdb625c0 : RPCRT4!NdrStubCall2+0xc0b<br>27 000000000750e1e0 000007fefdafb24e : 0000000000000001 0000000000000000<br>0000000007ab07a8 0000000007ab0770 : RPCRT4!CStdStubBuffer_Invoke+0x9a<br>28 000000000750e210 000007fefda18809 : 0000000000000000 0000000000000000<br>0000000000105f40 00000000001107a0 : OLEAUT32!CStubWrapper::Invoke+0x9e<br>29 000000000750e240 000007fefda1877f : 000000000010f8a0 0000000000117534<br>00000000001107a0 00000001801f7e48 : ole32!SyncStubInvoke+0x5d<br>2a 000000000750e2b0 000007fefd8e85ab : 000000000010f8a0 0000000005334ca0<br>0000000007a0d720 0000000000000001 : ole32!StubInvoke+0xdb<br>2b 000000000750e360 000007fefd8e9bf5 : cccccccc00000000 0000000000117534<br>0000000007ab0770 000000000010f8a0 : ole32!CCtxComChnl::ContextInvoke+0x19f<br>2c 000000000750e4e0 000007fefda18a83 : 0000000005334ca0 0000000000000000<br>0000000007a0d720 0000000000000000 : ole32!STAInvoke+0x91<br>2d 000000000750e530 000007fefda183b7 : 00000000d0908070 0000000005334ca0<br>000000000010fa30 00000000052f62b0 : ole32!AppInvoke+0x193<br>2e 000000000750e5a0 000007fefda18b15 : 000000000010f810 0000000000000400<br>0000000000000000 0000000000000000 : ole32!ComInvokeWithLockAndIPID+0x407<br>2f 000000000750e720 000007fefd8e9ad9 : 0000000000105f40 0000000000000000<br>00000000000ff008 000000000010f810 : ole32!ComInvoke+0x85<br>30 000000000750e750 000007fefd8e9982 : 0000000005334ca0 000000000010f818<br>0000000000000400 0000000000000000 : ole32!ThreadDispatch+0x29<br>31 000000000750e780 0000000076f5d24a : 0000000000000624 00000000000006cc<br>0000000000000000 0000000007a4fea0 : ole32!ThreadWndProc+0xaa<br>32 000000000750e800 0000000076f5d39e : 000000000750e980 000007fefd8e98d8<br>0000000000000000 0000000001068ae0 : USER32!UserCallWinProcCheckWow+0x1ad<br>33 000000000750e8c0 000007fef67e7a79 : 00000000052e9500 00000000052e9500<br>000007fefd8e98d8 0000000000000100 : USER32!DispatchMessageWorker+0x389<br>34 000000000750e940 000007fef68805ee : 00000000000f2a60 0000000000000000<br>0000000000000000 0000000003440880 :<br>IEFRAME!CBrowserFrame::FrameMessagePump+0x411<br>35 000000000750ea00 000007fef685bd65 : 0000000000000000 0000000000062801<br>00000000052e9500 0000000000000000 : IEFRAME!BrowserThreadProc+0x14d<br>36 000000000750eaa0 000007fef685bdcf : 1012733400000001 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!BrowserNewThreadProc+0x98<br>37 000000000750eae0 0000000076e3495d : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : IEFRAME!SHOpenFolderWindow+0x1df<br>38 000000000750fb90 0000000077038791 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd<br>39 000000000750fbc0 0000000000000000 : 0000000000000000 0000000000000000<br>0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d<br><br>Thanks,<br>-Jeff<br><br>-----Original Message-----<br>From: xxxxx@lists.osr.com<br>[mailto:xxxxx@lists.osr.com] On Behalf Of Jeff Curless<br>Sent: Monday, June 22, 2009 3:47 PM<br>To: Kernel Debugging Interest List<br>Subject: [windbg] Weird stack<br><br>When I am kernel debugging on x64 and I am looking at a user-mode stack I<br>get a lot of funky output:<br><br>RetAddr : Args to Child<br>: Call Site<br>00000001800247f0 : 00000000002ad368 cccccccccccccccc cccccccccccccccc<br>cccccccccccccccc : mydll!myfunction2
00000000002ad368 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : mydll!myfunction1<br>cccccccccccccccc : cccccccccccccccc cccccccccccccccc cccccccccccccccc<br>0000000000000000 : 0x2ad368
cccccccccccccccc : cccccccccccccccc cccccccccccccccc 0000000000000000
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : cccccccccccccccc 0000000000000000 cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
cccccccccccccccc : 0000000000000000 cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc
0000000000000000 : cccccccccccccccc cccccccccccccccc cccccccccccccccc
cccccccccccccccc : 0xcccccccccccccccc

This is a debug build of user-mode code, with matching PDBs. Has anyone
else seen this? It makes debugging a lot more of a pain to say the least…

Newest WinDbg, PDBs built with newest VS2008, newest service pack. VMWare
VM running Windows Vista x64, SP1.

Thanks!
-Jeff


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer