How to find the crash reason in this dump?

Question

How to find the crash reason in this dump?

This is the output of my exception analysis:

0:000:x86> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

GetUrlPageData2 (WinHttp) failed: 12002.

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

FAULTING_IP: 
+0
00000000 ??              ???

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00000000
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD:  00002504

BUGCHECK_STR:  BREAKPOINT

DEFAULT_BUCKET_ID:  BREAKPOINT

PROCESS_NAME:  xxxx-qt.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - <Unable to get error code text>

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - <Unable to get error code text>

EXCEPTION_CODE_STR:  80000003

WATSON_BKT_PROCSTAMP:  0

WATSON_BKT_PROCVER:  1.0.3.0

WATSON_BKT_MODULE:  unknown

WATSON_BKT_MODVER:  0.0.0.0

WATSON_BKT_MODOFFSET:  0

WATSON_BKT_MODSTAMP:  bbbbbbb4

BUILD_VERSION_STRING:  10.0.16299.15 (WinBuild.160101.0800)

MODLIST_WITH_TSCHKSUM_HASH:  2b0132dd934be1314ea3cabb0f34bc66ed95f2a9

MODLIST_SHA1_HASH:  ad48c6fc7b481b8e4e8e16191bfe048665452853

NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_FLAGS:  8000c07

DUMP_TYPE:  3

ANALYSIS_SESSION_HOST:  DESKTOP-LH

ANALYSIS_SESSION_TIME:  03-26-2018 14:38:16.0351

ANALYSIS_VERSION: 10.0.15063.0 amd64fre

THREAD_ATTRIBUTES: 
OS_LOCALE:  CHS

PROBLEM_CLASSES: 

    ID:     [0n300]
    Type:   [@APPLICATION_FAULT_STRING]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Omit
    Data:   Add
            String: [BREAKPOINT]
    PID:    [Unspecified]
    TID:    [Unspecified]
    Frame:  [0]

    ID:     [0n152]
    Type:   [ZEROED_STACK]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [0x398]
    TID:    [0x2504]
    Frame:  [0] : ntdll_77d20000!NtWaitForSingleObject

PRIMARY_PROBLEM_CLASS:  BREAKPOINT

LAST_CONTROL_TRANSFER:  from 75fbec29 to 77d8e7ac

STACK_TEXT:  
023fd530 75fbec29 00000988 00000000 00000000 ntdll_77d20000!NtWaitForSingleObject+0xc
023fd5a4 75fbeb82 00000988 ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x99
023fd5b8 00309d25 00000988 ffffffff 327cca60 KERNELBASE!WaitForSingleObject+0x12
WARNING: Stack unwind information not available. Following frames may be wrong.
023fd618 0030aa53 01df26f8 00000003 00000008 xxxx_qt+0x109d25
023fd658 00223d1f 005270cf 00000000 00047d5c xxxx_qt+0x10aa53
023fd698 00252dc8 0000001d 2f32a888 023fd740 xxxx_qt+0x23d1f
023fd6f8 00af9573 32737cb8 00000000 00000008 xxxx_qt+0x52dc8
023fd778 00c3d733 326f7880 00000003 00000003 xxxx_qt+0x8f9573
023fd7b8 00afa30d 023fda40 023fda40 00f55a09 xxxx_qt+0xa3d733
023fd858 0058cb6c 023fda40 023fda40 023fd888 xxxx_qt+0x8fa30d
023fd888 00591bed 326f7880 023fda40 00000000 xxxx_qt+0x38cb6c
023fd9e8 00b02a61 326f7880 023fda40 023ffe88 xxxx_qt+0x391bed
023fda28 00bdcbc4 326f7880 023fda40 00000000 xxxx_qt+0x902a61
023fda68 00bdce9a 00000002 ffffffeb 023fda94 xxxx_qt+0x9dcbc4
023fdae8 76abe0bb 77d58800 76abe0bb 00040cb0 xxxx_qt+0x9dce9a
023fdb1c 76ac8849 00bdcc30 00040cb0 00000113 user32!_InternalCallWinProc+0x2b
023fdb40 76acb145 00000113 00000002 00000000 user32!InternalCallWinProc+0x20
023fdc10 76ab90dc 00bdcc30 00000000 00000113 user32!UserCallWinProcCheckWow+0x1be
023fdc7c 76ab8c20 fa06158c 023ffa28 00bdc888 user32!DispatchMessageWorker+0x4ac
023fdc88 00bdc888 023fdce8 023fdce8 00000000 user32!DispatchMessageW+0x10
023ffa28 005265d2 04590000 00000000 023ffab0 xxxx_qt+0x9dc888
023ffa98 00be3b1a 023ffd10 07798918 07798918 xxxx_qt+0x3265d2
023ffb08 00b07e3b 00000000 fffffffe 77b47084 xxxx_qt+0x9e3b1a
023ffb48 0137868f 023ffc38 023ffcf0 00000000 xxxx_qt+0x907e3b
023ffd68 002013de 04592958 00000015 00000003 xxxx_qt!secp256k1_ecdsa_recover+0x4e834f
023ffe3c 77958654 0203a000 77958630 7a6901f5 xxxx_qt+0x13de
023ffe50 77d84a77 0203a000 0c113550 00000000 kernel32!BaseThreadInitThunk+0x24
023ffe98 77d84a47 ffffffff 77da9ea0 00000000 ntdll_77d20000!__RtlUserThreadStart+0x2f
023ffea8 00000000 002014c0 0203a000 00000000 ntdll_77d20000!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~0s; .ecxr ; kb

THREAD_SHA1_HASH_MOD_FUNC:  e0421bbc0fe52c3bb56e6185aca42aa72901aa6e

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  b92c38dc935b5f5945935e893a302c5fea1c3bd2

THREAD_SHA1_HASH_MOD:  168546ebd037b992efa151d97e472233562a8a16

FOLLOWUP_IP: 
xxxx_qt+109d25
00309d25 83ec08          sub     esp,8

FAULT_INSTR_CODE:  a908ec83

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  xxxx_qt+109d25

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: xxxx_qt

IMAGE_NAME:  xxxx-qt.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  BREAKPOINT_xxxx_qt+109d25

FAILURE_EXCEPTION_CODE:  80000003

FAILURE_IMAGE_NAME:  xxxx-qt.exe

BUCKET_ID_IMAGE_STR:  xxxx-qt.exe

FAILURE_MODULE_NAME:  xxxx_qt

BUCKET_ID_MODULE_STR:  xxxx_qt

FAILURE_FUNCTION_NAME:  Unknown

BUCKET_ID_FUNCTION_STR:  Unknown

BUCKET_ID_OFFSET:  109d25

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  1c90f93

BUCKET_ID_MODVER_STR:  1.0.3.0

BUCKET_ID_PREFIX_STR:  BREAKPOINT_

FAILURE_PROBLEM_CLASS:  BREAKPOINT

FAILURE_SYMBOL_NAME:  xxxx-qt.exe!Unknown

FAILURE_BUCKET_ID:  BREAKPOINT_80000003_xxxx-qt.exe!Unknown

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/xxxx-qt.exe/1.0.3.0/       0/unknown/0.0.0.0/bbbbbbb4/80000003/00000000.htm?Retriage=1

TARGET_TIME:  2018-03-26T03:09:34.000Z

OSBUILD:  16299

OSSERVICEPACK:  15

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  2031-10-27 10:56:14

BUILDDATESTAMP_STR:  160101.0800

BUILDLAB_STR:  WinBuild

BUILDOSVER_STR:  10.0.16299.15

ANALYSIS_SESSION_ELAPSED_TIME:  5356

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:breakpoint_80000003_xxxx-qt.exe!unknown

FAILURE_ID_HASH:  {6552c40a-0a0b-7509-8742-3e41d9d48f81}

Followup:     MachineOwner
---------

What does this dump output mean?

According the dump file, it crashed at a breakpoint, but we haven't put any breakpoint in our code.

I used .excr, it said Minidump doesn't have an exception context:

Unable to get exception context, HRESULT 0x80004002"

How to find the actual error which made the program crash? EIP is 77d8e7ac and the code there is:

ret 0Ch
esp 023fd534

Data in stack:

023fd534  75fbec29 00000988 00000000 00000000
023fd544  87036a3b 01df26f8 01df2700 80000001
023fd554  00000024 00000001 00000000 00000000
023fd564  00000000 00000000 00000000 00000000
023fd574  00000000 77b47084 009c12cd 00000000

Code at 75fbec29 is mov ebx, eax in KERNELBASE!WaitForSingleObjectEx.

I don't know why the program crashed.

Actually I found the call stack with the symbol. It's in a QT event loop. And I think it's did not crash immediately. It seems that something goes wrong, the program continues, and crashed later on.

windbg

dump

asked on Stack Overflow Mar 26, 2018 by

Ivnoidea • edited Dec 14, 2018 by

Jenny O'Reilly

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0