Even after giving correct PDB symbols I cant see stack trace where it can tell me function calls. Stack text only shows msvcr120. Also this crash occurs on customer machine only. I am wondering if something is missing wrt msvcr120 which we need to install. This is what I can see in windbg:
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007fffc113dd27 (msvcr120+0x000000000006dd27)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000005
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=aaaaaaaaaaaaaaaa rbx=0000000000000000 rcx=aaaaaaaaaaaaaaaa
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007fffc113dd27 rsp=000000e40cd261c0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=aaaaaaaaaaaaaaaa r12=000000e40c3076b0 r13=0000000000000000
r14=000000000000005c r15=000000e40c3051d0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
msvcr120+0x6dd27:
00007fff`c113dd27 cd29 int 29h
PROCESS_NAME: <removed>
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000005
NTGLOBALFLAG: 0
APP: <removed>
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
FAULTING_THREAD: 0000000000005188
BUGCHECK_STR: APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP
PRIMARY_PROBLEM_CLASS: INVALID_ARG_FAILURE_SEHOP
DEFAULT_BUCKET_ID: INVALID_ARG_FAILURE_SEHOP
LAST_CONTROL_TRANSFER: from 0000000000000000 to 00007fffc113dd27
STACK_TEXT:
000000e4`0cd261c0 00000000`00000000 : 00000000`00000000 00000000`00000000 aaaaaaaa`aaaaaaaa 00000000`00000000 : msvcr120+0x6dd27
STACK_COMMAND: ~5s; .ecxr ; kb
FOLLOWUP_IP:
msvcr120+6dd27
00007fff`c113dd27 cd29 int 29h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr120+6dd27
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr120
IMAGE_NAME: msvcr120.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 524f83ff
FAILURE_BUCKET_ID: INVALID_ARG_FAILURE_SEHOP_c0000409_msvcr120.dll!Unknown
BUCKET_ID: APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP_msvcr120+6dd27
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:invalid_arg_failure_sehop_c0000409_msvcr120.dll!unknown
FAILURE_ID_HASH: {6c95a838-d91e-9c26-c623-f4edddde2886}
Followup: MachineOwner
---------
0:005> k
Child-SP RetAddr Call Site
000000e4`0cd261c0 00000000`00000000 msvcr120+0x6dd27
(Btw I have tried every possible suggestion I found to get stack trace on stackoverflow and other places before asking question)
Based on the output above, you do not have valid symbols for msvcr120
. The first step is to try and get those. If you can't get the symbols, or you do get them and still can't get a good stack trace, then you should use dqs
and try to manually walk the stack.
User contributions licensed under CC BY-SA 3.0