Windows error 0x0000002B, 43

Detailed Error Information


This is a Blue Screen of Death stop code. More information is available in the Knowledge Base article Bug Check 0x2B: PANIC_STACK_SWITCH.

HRESULT analysis[2]

This is probably not the correct interpretation of this error. The Win32 error above is more likely to indicate the actual problem.

This code indicates success, rather than an error. This may not be the correct interpretation of this code, or possibly the program is handling errors incorrectly.

Reserved (R)false
Reserved (X)false
FacilityCode0 (0x000)
DescriptionThe default facility code.[2][3]
Error Code43 (0x002b)

Possible solutions


Investigating Memory Leak


The stack recorded when using GFlags is done without utilizing .pdb and often not correct. Since you have traced the leak down to a specific size on a given heap, you can try to set a live break in RtlAllocateHeap and inspect the stack in windbg with proper symbols. I have used the following with some success. You must edit it to suit your heap and size.

 $$ Display stack if heap handle eq 0x00310000 and size is  0x1303
 $$ ====================================================================
bp ntdll!RtlAllocateHeap "j ((poi(@esp+4) = 0x00310000) & (poi(@esp+c) = 0x1303) )'k';'gc'" 

Maybe you then get another stack and other ideas for the offender.

answered on Stack Overflow Apr 10, 2012 by Kjell Gunnar • edited May 9, 2015 by Kjell Gunnar

How can I find the crash line of code from stack?


The only one reasonable way for doing this is to load your crash dump into the debugger and provide symbols, i.e. the .pdb files. This can be tricky because pdb files may not have enough info. Companies like Microsoft give out public PDB files that do not have information about the names of the local vars and other details. PDBs that with full information are called public PDBs.

Sometimes the stack gets corrupted and this results in a "lose of control". Code picks up the return address, that is some garbage, loads this value into EIP and starts executing instructions from there. In this scenario the crash happens very soon, after executing just a couple of "instructions".

I mean that you need to figure out if your EIP is pointing to any code first.

answered on Stack Overflow Oct 14, 2012 by Kirill Kobelev • edited Oct 17, 2012 by Kirill Kobelev

Investigating Memory Leak


The first thing is that the new operator is the new [] operator so is there a corresponding delete[] call and not a plain old delete call?

If you suspect this code I would put a test harness around it, for instance put it in a loop and execute it 100 or 1000 times, does it still leak and proportionally.

You can also measure the memory increase using process explorer or programmatically using GetProcessInformation.

The other obvious thing is to see what happens when you comment out this function call, does the memory leak go away? You may need to do a binary chop if possible of the code to reduce the likely suspect code by half (roughly) each time by commenting out code, however, changing the behaviour of the code may cause more problems or dependant code path issues which can cause memory leaks or strange behaviour.

EDIT Ignore the following seeing as you are working in a managed environment.

You may also consider using the STL or better yet boost reference counted pointers like shared_ptr or scoped_array for array structures to manage the lifetime of the objects.

answered on Stack Overflow Apr 5, 2012 by EdChum • edited Apr 6, 2012 by EdChum

Change display format of DirectX "Object Table"


You need to change the format through the Graphics Object Table (menu Debug > Graphics > Object Table).

Select your index buffer in the table and then change its format using the Buffer Format combo box at the top of the Graphics Object Table.

answered on Stack Overflow Jul 27, 2013 by AkisK

GDB - see what have accessed the address/break on it


I am trying to overwrite the function vtable:

There is no such thing. Perhaps you mean class vtable?

Will just b *0xb7993170 work?

No. b *0xb7993170 will only work IF 0xb7993170 contains executable code. If it actually contains a vtable (i.e. a pointer to code), you'll want:

awatch *(int**)0xb7993170

Or you can just continue the binary and let it crash when it tries to dereference 0x42424242.

P.S. Given that 0xb7993170 contained 0 before the memcpy, it was certainly not a function pointer (but could still be part of vtable).

You need to set a watch point on the actual pointer location (i.e. 0xb7993170 will not work, you need 0xb7993178 or something like that).

answered on Stack Overflow Mar 29, 2017 by Employed Russian

BitLocker USB Drive removed while accessing, filesystem is corrupt, can it be fixed?


I guess this isn't really an answer. However, I hope it will nevertheless be helpful to others.

Sadly, I think you've learned a rather harsh lesson regarding the use of encrypted drives, especially removable ones.

All encrypted drives whether removable or not are more sensitive to corruption issues. This makes it even more important to ensure that you have the data backed up. Clearly, the backup also needs to be encrypted and again this means that you should keep several copies of backups. The realistic minimum for backups is THREE. These should be kept in different locations.

For home use, I keep data on local PC's, copied on the NAS (the NAS drive data is duplicated within the NAS, not really a robust backup but convenient if a local disk fails) and copied to a secure cloud backup such as CrashPlan.

No form of removable media can be considered robust. Flash based memory sticks are as liable to faile as any other removable media. I don't know what the exact stats are but my own experience is that a memory stick is just as likely to fail as a hard drive, rather less than an old-fashioned floppy disk. CD's and DVD's are very variable in their reliability with some failing after a couple of years of storage, others lasting a decade or more.

Sorry about the lack of a real answer but I think this is always worth repeating so that more people understand the need for good backup processes.

answered on Super User May 4, 2014 by Julian Knight

Does an access violation exception happen before or after the offending memory is written?


This was caused by a classic buffer overflow in unmanaged code. An array pointer was loaded into a register and then a loop took care of the rest overwriting all of my stack variables, which made it look like the code was in a different state than it was when it crashed.

answered on Stack Overflow Dec 17, 2014 by Jason Hernandez

Empty Unity project generates "Access Violation (0xc0000005)" error


So, I had the solution to this bug from a member of the Unity team, on their forum. This is a known bug from Unity. This bug has been fixed on some versions of Unity. The Unity guy told me this bug was fixed on versions 2018.1.0b11, 2017.4.1f1, 2017.2.2p2, 2017.1.3p3, 5.6.5p3.

I tried building my game on Unity 2017.2.2p2 and running the build. It works perfectly.

answered on Stack Overflow Apr 7, 2018 by vdlmrc

Empty Unity project generates "Access Violation (0xc0000005)" error


I recently had a run-in with the same error on a steam game. (ShadowRun Returns btw) There is one dll file that the output_log.txt marks with -nosymbols- instead of -exported-, and it is called profapi.dll. I did a quick google search and saw that it was not necessary for Windows, so as a test I changed the extention to .disabled. (Nothing special about the extension, I just wanted to make sure I could recover it if needed.) After doing that, the game launched just fine. Other than that, there was a common bug with antivirus' causing the problem as well.

answered on Stack Overflow May 6, 2018 by BeyJohn

Python-Pandas Parser for Text Records arranged in non-uniform number of Rows-Lines


This code shows how to parse the input lines into two dictionaries in a simple way. It assumes that the input is very regular. The main action comes just after reading each line where lines are split on blanks, colons are removed (which assumes that there are none in the data) and the equal signs are removed — all to simplify subsequent processing based on the first item in each line.

If you run the code you'll find that it creates two text files, each of which consists of one dictionary per line.

with open ('DF1.txt', 'w') as DF1:
    with open ('DF2.txt', 'w') as DF2:

        DF1_record = {}
        DF2_record = {}
        with open('bigText.txt') as bigText:
            for inputLine in bigText:
                inputLine = [_.replace(':', '') for _ in inputLine.strip().split()]
                if '=' in inputLine:
                kind = inputLine[0]
                if kind=='Record':
                    if DF1_record:
                    if DF2_record:
                if kind in ['attribute1', 'attribute2', 'attribute4', 'timestamp']:
                    if kind=='attribute2':
                if kind in ['attribute1', 'attribute4', 'attribute4', 'attribute4', 'attribute7', 'timestamp']:
                    if DF1_record['attribute1']=='3090':
answered on Stack Overflow Dec 17, 2016 by Bill Bell


Leave a comment

(plain text only)


  3. winerror.h from Windows SDK 10.0.14393.0

User contributions licensed under CC BY-SA 3.0