Not able to see stack trace using windbg or Visual studio 2012/13

0

Even after giving correct PDB symbols I cant see stack trace where it can tell me function calls. Stack text only shows msvcr120. Also this crash occurs on customer machine only. I am wondering if something is missing wrt msvcr120 which we need to install. This is what I can see in windbg:

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007fffc113dd27 (msvcr120+0x000000000006dd27)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000005

CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
rax=aaaaaaaaaaaaaaaa rbx=0000000000000000 rcx=aaaaaaaaaaaaaaaa
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007fffc113dd27 rsp=000000e40cd261c0 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=aaaaaaaaaaaaaaaa r12=000000e40c3076b0 r13=0000000000000000
r14=000000000000005c r15=000000e40c3051d0
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
msvcr120+0x6dd27:
00007fff`c113dd27 cd29            int     29h

PROCESS_NAME:  <removed>

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_PARAMETER1:  0000000000000005

NTGLOBALFLAG:  0

APP:  <removed>

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

FAULTING_THREAD:  0000000000005188

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP

PRIMARY_PROBLEM_CLASS:  INVALID_ARG_FAILURE_SEHOP

DEFAULT_BUCKET_ID:  INVALID_ARG_FAILURE_SEHOP

LAST_CONTROL_TRANSFER:  from 0000000000000000 to 00007fffc113dd27

STACK_TEXT:  
000000e4`0cd261c0 00000000`00000000 : 00000000`00000000 00000000`00000000 aaaaaaaa`aaaaaaaa 00000000`00000000 : msvcr120+0x6dd27


STACK_COMMAND:  ~5s; .ecxr ; kb

FOLLOWUP_IP: 
msvcr120+6dd27
00007fff`c113dd27 cd29            int     29h

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  msvcr120+6dd27

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcr120

IMAGE_NAME:  msvcr120.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  524f83ff

FAILURE_BUCKET_ID:  INVALID_ARG_FAILURE_SEHOP_c0000409_msvcr120.dll!Unknown

BUCKET_ID:  APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP_msvcr120+6dd27

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_arg_failure_sehop_c0000409_msvcr120.dll!unknown

FAILURE_ID_HASH:  {6c95a838-d91e-9c26-c623-f4edddde2886}

Followup: MachineOwner
---------

0:005> k
Child-SP          RetAddr           Call Site
000000e4`0cd261c0 00000000`00000000 msvcr120+0x6dd27

(Btw I have tried every possible suggestion I found to get stack trace on stackoverflow and other places before asking question)

windows
visual-studio-2012
windbg
visual-studio-debugging
debug-symbols
asked on Stack Overflow Sep 11, 2014 by user2934367 • edited Sep 11, 2014 by Thomas Weller

1 Answer

0

Based on the output above, you do not have valid symbols for msvcr120. The first step is to try and get those. If you can't get the symbols, or you do get them and still can't get a good stack trace, then you should use dqs and try to manually walk the stack.

answered on Stack Overflow Sep 11, 2014 by josh poley

User contributions licensed under CC BY-SA 3.0