Windows 7 exception code: 0xc0000409

I have a C++ windows application that was done by another programmer, that I had to remove one line of code. After rebuilding the application with visual studio 2013 it crashes with this in the event log:

Faulting application name: WaveStream.exe, version: 0.0.0.0, time stamp: 0x536122da
Faulting module name: WaveStream.exe, version: 0.0.0.0, time stamp: 0x536122da
Exception code: 0xc0000409
Fault offset: 0x0000bd7f
Faulting process id: 0x8b8
Faulting application start time: 0x01cf6490aee4f557
Faulting application path: C:\Program Files (x86)\PS Audio\WaveStream.exe
Faulting module path: C:\Program Files (x86)\PS Audio\WaveStream.exe
Report Id: efe00d42-d083-11e3-a513-bc305baf9e1e

The application uses QT 4.7.4, and compiles with no errors. I am an embedded systems programmer and have very little windows programing experience. What can I do to figure out why it is crashing?

Dennis

The clue to the problem is in the exception code: 0xc0000409

0xc0000409 means STATUS_STACK_BUFFER_OVERRUN.

In other words, something in your program is writing past the current stack frame, corrupting data on the stack. The program has detected this and rather than let it continue, has thrown an exception.

How do you debug this? There are a few options:

1) Rerun this in the debugger and watch it crash, workout what failed.

2) If you've got a crash dump of this, load that in the debugger, hit F5 and workout what failed.

3) If you don't have a crash dump you can still attempt to find out the cause of the crash if you know the absolute address of the crash (and know the module always loads at a fixed address), or if you know the offset of the crash location from the start of the faulting module.

The crash information above tells you the offset into the faulting module of the crash. That's reported in the Fault Offset field. In your example, that is an offset of 0x0000bd7f.

If you've got the original dll/exe and it's matching PDB, just load it into DbgHelpBrowser, go to the Query menu, choose "Find Symbol with DLL Relative Address..." then enter the offset in the field and click "Find Symbol...". The display will move to show you the nearest matching symbol, highlighting the symbol and display any info about parameters, line numbers and source code.

It's a free tool. You can get it here: https://www.softwareverify.com/cpp-dbghelp-browser.php

Disclaimer. I wrote this tool to do just this job for our in house use. We recently made it available for everyone else. I found this question while trying to understand what the exception code 0xc0000409 meant.